6 matches found
CVE-2012-5168
CVE-2012-5168 affects ATutor AContent prior to 1.2-1. It enables remote attackers to modify arbitrary user passwords or category names by sending crafted requests to (1) user/index_inline_editor_submit.php or (2) course_category/index_inline_editor_submit.php. The vulnerability arises from insuff...
CVE-2012-5169
CVE-2012-5169 affects ATutor AContent (ATutor) prior to/including 1.2-2, specifically the file_manager/preview_top.php XSS via GET parameters pathext, popup, framed, or file. The flaw stems from improper sanitisation of user-controlled input returned to the browser, enabling arbitrary script exec...
CVE-2012-5167
ATutor AContent before 1.2-1 contains multiple SQL injection vulnerabilities. An attacker can trigger SQL commands via (1) course_category/index_inline_editor_submit.php field parameter, (2) user/index_inline_editor_submit.php field parameter, or (3) user/user_password.php id parameter. Root caus...
CVE-2020-10557
CVE-2020-10557 affects AContent up to version 1.4. The issue is an arbitrary file upload vulnerability in the file manager’s upload.php, where the .php7 extension bypasses upload restrictions, enabling a low-privileged user to run commands on the server. Red Hat and other feeds corroborate the sa...
CVE-2012-5453
CVE-2012-5453 details a SQL injection in ATutor AContent 1.2-1 via the field parameter in user/index_inline_editor_submit.php. It is tied to an incomplete fix for CVE-2012-5167 and allows remote authenticated users to execute arbitrary SQL commands. NVD lists a base score of 6.5 (MEDIUM). Connect...
CVE-2012-5454
CVE-2012-5454 affects ATutor AContent 1.2-1 where user/index_inline_editor_submit.php does not properly restrict access, enabling remote authenticated users to modify arbitrary user passwords via a crafted request. This vulnerability is noted as potentially related to an incomplete fix for CVE-20...