Lucene search

10 matches found

added 2017/10/03 1:29 a.m. | 53 views

CVE-2017-14981

Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data (url in /mods/_standard/rss_feeds/edit_feed.php). An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website.

CVSS 5.4 | AI score 5.2 | EPSS 0.00206

added 2017/02/07 3:59 p.m. | 49 views

CVE-2016-2539

Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file.

CVSS 8.8 | AI score 9.1 | EPSS 0.00213

added 2017/04/13 2:59 p.m. | 47 views

CVE-2016-2555

SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.

CVSS 9.8 | AI score 9.9 | EPSS 0.7874

added 2017/10/10 4:29 p.m. | 43 views

CVE-2015-6521

Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2.

CVSS 5.4 | AI score 5.4 | EPSS 0.00206

added 2017/03/05 8:59 p.m. | 42 views

CVE-2017-6483

Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (lang_code in themes/*/admin/system_preferences/language_edit.tmpl.php). An attacker could execute arbitrary HTML and sc...

CVSS 6.1 | AI score 6 | EPSS 0.00301

added 2017/07/17 1:18 p.m. | 39 views

CVE-2017-1000002

ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in informatio...

CVSS 9.8 | AI score 9.3 | EPSS 0.0212

added 2017/07/17 1:18 p.m. | 39 views

CVE-2017-1000003

ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Module component resu...

CVSS 9.8 | AI score 9.3 | EPSS 0.00282

added 2017/07/17 1:18 p.m. | 36 views

CVE-2017-1000004

ATutor versions 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend Searc...

CVSS 9.8 | AI score 9.7 | EPSS 0.02219

added 2017/07/22 5:29 p.m. | 35 views

CVE-2016-10400

Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack.

CVSS 7.5 | AI score 7.4 | EPSS 0.00533

added 2017/08/31 10:29 p.m. | 30 views

CVE-2015-7711

Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter.

CVSS 6.1 | AI score 6 | EPSS 0.00912