7 matches found
CVE-2019-12170
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/core/backups/upload.php aka backup component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PH...
CVE-2023-4278 MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts...
MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation
Description The plugin does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts. 1. Visit the Profiles Settings page for the plugin: MS LMS LMS Settings Profiles 2. Ensure that "Disable Instructor...
Design/Logic Flaw
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/core/backups/upload.php aka backup component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PH...
CVE-2019-12170
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/core/backups/upload.php aka backup component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PH...
CVE-2019-12170
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/core/backups/upload.php aka backup component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PH...
PT-2019-12676 · Atutor · Atutor
Name of the Vulnerable Software and Affected Versions: ATutor versions prior to 2.2.5 Description: The issue allows for arbitrary file uploads via the "mods/ core/backups/upload.php" component, potentially resulting in remote command execution. An attacker can use an instructor account to fully...