4 matches found
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in installmodules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file...
CVE-2016-2539
Cross-site request forgery CSRF vulnerability in installmodules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file...
CVE-2016-2539
Cross-site request forgery CSRF vulnerability in installmodules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file...
ATutor LMS - install_modules.php Cross-Site Request Forgery Remote Code Execution
ATutor LMS - installmodules.php Cross-Site Request Forgery Remote Code Execution / exp.js ATutor LMS " in it - You will need to set the Access-Control-Allow-Origin header to allow the target to pull zips - Use this with your favorite XSS attack - Student proof, aka bullet proof Timeline: 23/02/20...