CVE-2019-12169

Published: 03/06/2019 Updated: 14/02/2024
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component.

Vulnerable Product

atutor atutor

Exploits

ATutor version 2.2.4 suffers from a language_import arbitrary file upload that allows for command execution ...

Github Repositories

ATutor 2.2.4 Arbitrary File Upload / RCE (CVE-2019-12169)

ATutor 2.2.4 Arbitrary File Upload / RCE (CVE-2019-12169)
Exploit Title: ATutor 2.2.4 Arbitrary File Upload / RCE [CVE-2019-12169]
Date: 5/24/19
Exploit Author: liquidsky (JMcPeters)
Vendor Homepage: atutor.github.io/
Software Link: sourceforge.net/projects/atutor/files/latest/download
Version: 2.2.4
Tested on: Windows 8 / Apache / MySQL (XAMPP)
CVE : CVE-2019-

ATutor 2.2.4 'Backup' Remote Command Execution (CVE-2019-12170)

ATutor-Instructor-Backup-Exploit
Exploit Title: ATutor 2.2.4 'Backup' Remote Command Execution (CVE-2019-12170)
Google Dork: inurl:/ATutor/loginphp
Date: 5/13/2019
Exploit Author: liquidsky (Joseph McPeters)
Vendor Homepage: atutor.github.io/
Software Link: sourceforge.net/projects/atutor/files/latest/download
Version: < 2.2.4 (Versions 2.2.4