7.5
CVSSv2

CVE-2005-3404

Published: 01/11/2005 Updated: 18/10/2016
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 up to and including 1.5.1-pl1 allow remote malicious users to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php.

Vulnerable Product Search on Vulmon Subscribe to Product

adaptive technology resource centre atutor 1.4.1

adaptive technology resource centre atutor 1.4.2

adaptive technology resource centre atutor 1.4.3

adaptive technology resource centre atutor 1.5.1

adaptive technology resource centre atutor 1.5.1_pl1

Exploits

source: wwwsecurityfocuscom/bid/15221/info ATutor is prone to multiple vulnerabilities These issues can allow remote attackers to execute arbitrary PHP commands and carry out local file include and cross-site scripting attacks ATutor 151-pl1 and prior versions are affected wwwexamplecom/documentation/common/printp ...
source: wwwsecurityfocuscom/bid/15221/info ATutor is prone to multiple vulnerabilities These issues can allow remote attackers to execute arbitrary PHP commands and carry out local file include and cross-site scripting attacks ATutor 151-pl1 and prior versions are affected wwwexamplecom/documentation/common/body_heade ...