Atutor Acontent vulnerabilities
6 known vulnerabilities affecting atutor/acontent.
Total CVEs
6
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2012-5167P3HIGHCVSS 7.5PoC≤ 1.22012-10-22
CVE-2012-5167 [HIGH] CWE-89 CVE-2012-5167: Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to exe
Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to execute arbitrary SQL commands via the (1) field parameter to course_category/index_inline_editor_submit.php or (2) user/index_inline_editor_submit.php; or (3) id parameter to user/user_password.php.
nvd
CVE-2012-5168P3HIGHCVSS 7.5PoC≤ 1.22012-10-22
CVE-2012-5168 [HIGH] CWE-264 CVE-2012-5168: ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category
ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_inline_editor_submit.php.
nvd
CVE-2012-5453P3MEDIUMCVSS 6.5PoCv1.22012-10-22
CVE-2012-5453 [MEDIUM] CVE-2012-5453: SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows r
SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167.
nvd
CVE-2020-10557P3HIGHCVSS 8.8≤ 1.42020-03-16
CVE-2020-10557 [HIGH] CWE-434 CVE-2020-10557: An issue was discovered in AContent through 1.4. It allows the user to run commands on the server wi
An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions.
nvd
CVE-2012-5169P4MEDIUMCVSS 4.3PoC≤ 1.2v1.22012-10-22
CVE-2012-5169 [MEDIUM] CWE-79 CVE-2012-5169: Multiple cross-site scripting (XSS) vulnerabilities in file_manager/preview_top.php in ATutor AConte
Multiple cross-site scripting (XSS) vulnerabilities in file_manager/preview_top.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the (1) pathext, (2) popup, (3) framed, or (4) file parameter.
nvd
CVE-2012-5454P3MEDIUMCVSS 6.5v1.22012-10-22
CVE-2012-5454 [MEDIUM] CVE-2012-5454: user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, whic
user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE: this might be due to an incomplete fix for CVE-2012-5168.
nvd