Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
acontent vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2012-5169
Multiple cross-site scripting (XSS) vulnerabilities in file_manager/preview_top.php in ATutor AContent prior to 1.2-2 allow remote malicious users to inject arbitrary web script or HTML via the (1) pathext, (2) popup, (3) framed, or (4) file parameter.
Atutor Acontent 1.2
Atutor Acontent
755
VMScore
CVE-2012-5167
Multiple SQL injection vulnerabilities in ATutor AContent prior to 1.2-1 allow remote malicious users to execute arbitrary SQL commands via the (1) field parameter to course_category/index_inline_editor_submit.php or (2) user/index_inline_editor_submit.php; or (3) id parameter to...
Atutor Acontent
1 EDB exploit
668
VMScore
CVE-2012-5168
ATutor AContent prior to 1.2-1 allows remote malicious users to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_inline_editor_submit.php.
Atutor Acontent
578
VMScore
CVE-2020-10557
An issue exists in AContent up to and including 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file uploa...
Atutor Acontent
655
VMScore
CVE-2012-5453
SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167.
Atutor Acontent 1.2
1 EDB exploit
578
VMScore
CVE-2012-5454
user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE: this might be due to an incomplete fix for CVE-2012-5168.
Atutor Acontent 1.2
NA
CVE-2012-51682
ATutor AContent versions 1.2 and below suffer from improper authentication, cross site scripting, and remote SQL injection vulnerabilities.
NA
CVE-2012-51671
ATutor AContent versions 1.2 and below suffer from improper authentication, cross site scripting, and remote SQL injection vulnerabilities.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started