Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor prior to 2.2.2 allows remote malicious users to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
atutor atutor |