Atutor@1.5.1 Security Vulnerabilities and Issues — Atutor@1.5.1 CVE List

Lucene search

Adaptive Technology Resource CentreAtutor1.5.1

8 matches found

CVE•added 2005/08/23 4:0 a.m.•47 views

CVE-2005-2649

Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php.

4.3CVSS5.7AI score0.00655EPSS

CVE•added 2005/11/01 12:47 p.m.•47 views

CVE-2005-3403

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the _base_href parameter in translate.php, (2) the _base_path parameter in news.inc.php, and (3) the p parameter in add_note.php.

4.3CVSS5.8AI score0.01281EPSS

CVE•added 2005/09/16 10:3 p.m.•44 views

CVE-2005-2956

ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files.

5CVSS7.2AI score0.03573EPSS

CVE•added 2005/09/16 10:3 p.m.•43 views

CVE-2005-2954

SQL injection vulnerability in password_reminder.php in ATutor before 1.5.1 pl1 allows remote attackers to execute arbitrary SQL commands via the email field.

7.5CVSS8.4AI score0.01238EPSS

CVE•added 2005/11/01 12:47 p.m.•42 views

CVE-2005-3404

Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php.

7.5CVSS7AI score0.09524EPSS

CVE•added 2005/09/16 10:3 p.m.•37 views

CVE-2005-2955

config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executable extensions such as .inc, .php4, or others.

4.6CVSS7.9AI score0.0009EPSS

CVE•added 2006/07/10 8:5 p.m.•37 views

CVE-2006-3484

Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a) admin/create_course.php, show_courses parameter to (b) users/create_course.php, (3) p parameter to (...

2.6CVSS6AI score0.01148EPSS

CVE•added 2006/07/25 1:22 p.m.•36 views

CVE-2006-3821

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) month, and (4) day parameter in (b) registration.php.

4.3CVSS6AI score0.00507EPSS