3 matches found
CVE-2005-3405
ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute arbitrary PHP functions via a direct request to forum.inc.php with a modified addslashes parameter with either the 1 asc or 2 desc parameters set, possibly due to an eval injection vulnerability...
CVE-2005-3405
ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute arbitrary PHP functions via a direct request to forum.inc.php with a modified addslashes parameter with either the 1 asc or 2 desc parameters set, possibly due to an eval injection vulnerability...
ATutor 1.x - 'forum.inc.php' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/15221/info ATutor is prone to multiple vulnerabilities. These issues can allow remote attackers to execute arbitrary PHP commands and carry out local file include and cross-site scripting attacks. ATutor 1.5.1-pl1 and prior versions are affected...