registration.PHP in ATutor 1.5.1 pl2 allows remote malicious users to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a vulnerability in ATutor.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adaptive technology resource centre atutor 1.5.1_pl2 |