Published: 22/10/2012 Updated: 29/08/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

ATutor AContent prior to 1.2-1 allows remote malicious users to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_inline_editor_submit.php.

Vulnerable Product Search on Vulmon Subscribe to Product

atutor acontent

Mailing Lists

ATutor AContent versions 12 and below suffer from improper authentication, cross site scripting, and remote SQL injection vulnerabilities ...