Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atutor atutor vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2015-7712
Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and previous versions allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter.
Atutor Atutor
578
VMScore
CVE-2014-9752
Unrestricted file upload vulnerability in mods/_core/properties/lib/course.inc.php in ATutor prior to 2.2 patch 6 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension as a customicon for a new course, then accessing it via a dir...
Atutor Atutor
383
VMScore
CVE-2020-23341
A reflected cross site scripting (XSS) vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Atutor Atutor
445
VMScore
CVE-2016-10400
Directory Traversal exists in ATutor prior to 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack.
Atutor Atutor
668
VMScore
CVE-2014-9753
confirm.php in ATutor 2.2 and previous versions allows remote malicious users to bypass authentication and gain access as an existing user via the auto_login parameter.
Atutor Atutor
668
VMScore
CVE-2017-1000002
ATutor versions 2.2.1 and previous versions are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and previous versions are vulnerable to a directory traversal vulnerability in the Course...
Atutor Atutor
578
VMScore
CVE-2019-11446
An issue exists in ATutor up to and including 2.2.4. It allows the user to run commands on the server with the teacher user privilege. The Upload Files section in the File Manager field contains an arbitrary file upload vulnerability via upload.php. The $IllegalExtensions value o...
Atutor Atutor
685
VMScore
CVE-2016-2539
Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor prior to 2.2.2 allows remote malicious users to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file.
Atutor Atutor
1 EDB exploit
383
VMScore
CVE-2019-7172
A stored-self XSS exists in ATutor through v2.2.4, allowing an malicious user to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php.
Atutor Atutor
383
VMScore
CVE-2017-6483
Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (lang_code in themes/*/admin/system_preferences/language_edit.tmpl.php). An attacker could execute ar...
Atutor Atutor
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »