Adaptive Technology Resource Centre Atutor vulnerabilities

14 known vulnerabilities affecting adaptive_technology_resource_centre/atutor.

Total CVEs: 14
CISA KEV: 0
Public exploits: 9
Exploited in wild: 0
Severity breakdown: HIGH 6, MEDIUM 7, LOW 1

Vulnerabilities

CVE-2005-3404 | P3 | HIGH | CVSS 7.5 | PoC | v1.4.1, v1.4.2, +3 more | 2005-11-01
Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php.
Source: NVD
CVE-2005-2954 | P3 | HIGH | CVSS 7.5 | PoC | v1.5.1 | 2005-09-16
SQL injection vulnerability in password_reminder.php in ATutor before 1.5.1 pl1 allows remote attackers to execute arbitrary SQL commands via the email field.
Source: NVD
CVE-2005-4155 | P3 | HIGH | CVSS 7.5 | PoC | v1.5.1_pl2 | 2005-12-11
registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a vulnerability in ATutor.
Source: NVD
CVE-2006-3662 | P3 | HIGH | CVSS 7.5 | PoC | v1.5.3 | 2006-07-18
SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states "The mentioned SQL injection vulnerability is not possible." However, the relevant source code suggests that this issue may be legitimate, and the parameter is clea
Source: NVD
CVE-2006-3996 | P3 | MEDIUM | CVSS 6.5 | PoC | ≤ 1.5.3.1 | 2006-08-05
SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters.
Source: NVD
CVE-2005-2956 | P4 | MEDIUM | CVSS 5.0 | PoC | v1.5.1 | 2005-09-16
ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files.
Source: NVD
CVE-2005-2044 | P4 | MEDIUM | CVSS 4.3 | PoC | v1.4.3, v1.5_rc_1 | 2005-06-16
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php, (2) subject parameter to contact.php, (3) cid parameter to content.php, (4) l parameter to inbox/send_message.php, the (5) search, (6) words, (7) include, (8) find_in, (
Source: NVD
CVE-2005-2649 | P4 | MEDIUM | CVSS 4.3 | PoC | v1.5.1 | 2005-08-23
Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php.
Source: NVD
CVE-2006-3484 | P4 | LOW | CVSS 2.6 | PoC | v1.5.1, v1.5.1_pl1, +2 more | 2006-07-10
Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a) admin/create_course.php, show_courses parameter to (b) users/create_course.php, (3) p parameter to (c) documentation/admin/, (4) forgot parameter to (d) password_rem
Source: NVD
CVE-2007-0381 | P4 | HIGH | CVSS 7.5 | v1.5.3.2 | 2007-01-19
Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed these issues.
Source: NVD
CVE-2006-5734 | P4 | HIGH | CVSS 7.5 | v1.5.3.2 | 2006-11-06
Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2) req_lang parameter in documentation/common/search.php and (c) documentation/common/vitals.inc.php, the (3) row[
Source: NVD
CVE-2005-2955 | P4 | MEDIUM | CVSS 4.6 | v1.5.1 | 2005-09-16
config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executable extensions such as .inc, .php4, or others.
Source: NVD
CVE-2005-3403 | P4 | MEDIUM | CVSS 4.3 | v1.4.1, v1.4.2, +3 more | 2005-11-01
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the _base_href parameter in translate.php, (2) the _base_path parameter in news.inc.php, and (3) the p parameter in add_note.php.
Source: NVD
CVE-2006-3821 | P4 | MEDIUM | CVSS 4.3 | v1.4.1, v1.4.2, +6 more | 2006-07-25
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) month, and (4) day parameter in (b) registration.php.
Source: NVD