Lucene search
K
AtutorAcontent

6 matches found

CVE
CVE
added 2012/10/22 11:0 p.m.52 views

CVE-2012-5168

CVE-2012-5168 affects ATutor AContent prior to 1.2-1. It enables remote attackers to modify arbitrary user passwords or category names by sending crafted requests to (1) user/index_inline_editor_submit.php or (2) course_category/index_inline_editor_submit.php. The vulnerability arises from insuff...

7.5CVSS6.6AI score0.03384EPSS
CVE
CVE
added 2012/10/22 11:0 p.m.52 views

CVE-2012-5169

CVE-2012-5169 affects ATutor AContent (ATutor) prior to/including 1.2-2, specifically the file_manager/preview_top.php XSS via GET parameters pathext, popup, framed, or file. The flaw stems from improper sanitisation of user-controlled input returned to the browser, enabling arbitrary script exec...

4.3CVSS5.7AI score0.02135EPSS
Web
CVE
CVE
added 2012/10/22 11:0 p.m.51 views

CVE-2012-5167

ATutor AContent before 1.2-1 contains multiple SQL injection vulnerabilities. An attacker can trigger SQL commands via (1) course_category/index_inline_editor_submit.php field parameter, (2) user/index_inline_editor_submit.php field parameter, or (3) user/user_password.php id parameter. Root caus...

7.5CVSS8.5AI score0.04697EPSS
CVE
CVE
added 2020/03/16 2:31 p.m.47 views

CVE-2020-10557

CVE-2020-10557 affects AContent up to version 1.4. The issue is an arbitrary file upload vulnerability in the file manager’s upload.php, where the .php7 extension bypasses upload restrictions, enabling a low-privileged user to run commands on the server. Red Hat and other feeds corroborate the sa...

8.8CVSS8.7AI score0.01373EPSS
CVE
CVE
added 2012/10/22 11:0 p.m.45 views

CVE-2012-5453

CVE-2012-5453 details a SQL injection in ATutor AContent 1.2-1 via the field parameter in user/index_inline_editor_submit.php. It is tied to an incomplete fix for CVE-2012-5167 and allows remote authenticated users to execute arbitrary SQL commands. NVD lists a base score of 6.5 (MEDIUM). Connect...

6.5CVSS8.1AI score0.02738EPSS
CVE
CVE
added 2012/10/22 11:0 p.m.44 views

CVE-2012-5454

CVE-2012-5454 affects ATutor AContent 1.2-1 where user/index_inline_editor_submit.php does not properly restrict access, enabling remote authenticated users to modify arbitrary user passwords via a crafted request. This vulnerability is noted as potentially related to an incomplete fix for CVE-20...

6.5CVSS6.3AI score0.02029EPSS