ATutor version 2.2.4 suffers from a language_import arbitrary file upload vulnerability that allows for command execution.
68b1f5ef4f43ce98748eca51235dfb77dab8a8340683912b52e996264a98eec7
This Metasploit module exploits an arbitrary file upload vulnerability together with a directory traversal flaw in ATutor versions 2.2.4, 2.2.2 and 2.2.1 in order to execute arbitrary commands.
344a78946baa67ebb531073dad88904763b7f86e0bf52c4f8197e8fc0c0f179d
ATutor LMS version 2.2.4 suffers from having a weak password reset hash.
695d43c107bcbb8c5b7a5b23041b58961922c09223a6f7f84fa51fde122cb2f4
ATutor version 2.2.4 suffers from a remote SQL injection vulnerability.
e1926912b31ec559709af89d502a88acfe99b72aab9f35f9d21f289e65d21149
ATutor version 2.2.4 suffers from a backup functionality remote command execution vulnerability.
06e7c86f7744d78ae2778cf7d8005061d4ab736263b7669b8d90987a354be32a
This Metasploit module allows the user to run commands on the server with the teacher user privilege. The 'Upload files' section in the 'File Manager' field contains an arbitrary file upload vulnerability.
e818dbce1a6208f6186c65252ddd95a25f1f0b84f2a4a999e93d6590533bfe01
ATutor version 2.2.2 cross site request forgery proof of concept that adds a new course.
edeaafd30bd276a781e2af3947baa3ee22af8623bdfa3c720579cc2bc6a1a0ad
ATutor version 2.2.1 suffers from a path traversal vulnerability.
7d2dc31a94a36d60ffffd314cd5eefeb8657f7e9d1c878147cc716b00e4d2e23
This Metasploit module exploits a directory traversal vulnerability in ATutor on an Apache/PHP setup with display_errors set to On, which can be used to allow us to upload a malicious ZIP file. On the web application, a blacklist verification is performed before extraction; however, it is not sufficient to prevent exploitation. You are required to log in to the target to reach the vulnerability; however, this can be done as a student account and remote registration is enabled by default. Just in case remote registration isn't enabled, this module uses 2 vulnerabilities in order to bypass the authentication.
785e70dc713dbe9859a24caed94df37a4548874034fcd9af2cb5fcfe2e29d3b8
ATutor LMS versions 2.2.1 and below cross site request forgery remote code execution exploit that leverages install_modules.php.
a2979fb7ec37494a903eb30ee43ad91332dca8b48a2bc6b4adfe613fa9fc6001
This Metasploit module exploits a SQL injection vulnerability and an authentication weakness vulnerability in ATutor. This essentially means an attacker can bypass authentication and reach the administrator's interface where they can upload malicious code. You are required to log in to the target to reach the SQL injection; however, this can be done as a student account and remote registration is enabled by default.
a6c389a060af6250a11b90dc368c3767a38101c233bf56de262525913aae7d39
ATutor version 2.2 suffers from a cross site scripting vulnerability.
50ffe9f30ffc04cbef2b00aabb0430927dda4e691a9a92e61ad6aaff6e67387d
ATutor versions 2.2 and below suffer from a remote PHP code injection vulnerability.
d68f51a39b755fe477331334371a85a9867f5564885f7740eefbf41a2c9a3341
ATutor versions 2.2 and below suffer from a cross site scripting vulnerability.
3f019a580730a65969fb1ee296eee1f664af50dc8c239571889044cbaa6c68b0
ATutor versions 2.2 and below suffer from a session variable overloading vulnerability.
fbaac07ae5c801f3305296ae4796cdbada7788e75ace0989665efa6ffddd79c9
ATutor versions 2.2 and below suffer from a remote unrestricted file upload vulnerability.
bfe91d27b6015c2947337a14fd42a2923a402b9ed2d98972883b08ff15515b82
ATutor LCMS version 2.2 suffers from a cross site request forgery vulnerability.
44ffb91b51da80df29764e37e1a573311e6d31e296f500dfaa2f621352facdf5
ATutor version 2.1.1 suffers from multiple cross site scripting vulnerabilities.
7772d5d04726dc9eca9f992b4b09c7718cd6b7879c83584b7b588b41971c633d
Secunia Security Advisory - A vulnerability has been discovered in ATutor, which can be exploited by malicious users to disclose certain sensitive information.
0242fa8a2a3d4c876ff98d99942f763199419c74b87c342400f1f61cd4f48c47
ATutor AContent versions 1.2 and below suffer from improper authentication, cross site scripting, and remote SQL injection vulnerabilities.
f884299c5d9976c978753e2b78b0f47541e45479ec64ddb6f85cd4a678ba506e
ATutor version 2.0.3 suffers from a cross site scripting vulnerability.
25ed6e587c012b65b116ba47695efccbeb5d93134c0cc3757f392ded9edb4581
Secunia Security Advisory - Stefan Schurtz has discovered some vulnerabilities in ATutor, which can be exploited by malicious people to conduct cross-site scripting attacks.
2fd5b2d3baff5e98cd1607e4996f3e5326c9101aee3a0a2a5a5d007f5ed4d990
ATutor version 2.0.3 suffers from multiple cross site scripting vulnerabilities.
4cfa3c57e77b9ceeffcd356fee640940bff182ff0b242d58af97760fcf03225f
ATutor version 2.0.2 suffers from an HTTP response splitting vulnerability.
da8399ab3bad548b518a4945303c6c748c100bc0caaeae91414d81c717c8ce1e
ATutor version 2.0.2 suffers from cross site scripting, path disclosure, and remote SQL injection vulnerabilities.
156e8ca29442c39dd68f426ab627536ea459ec2f62caf6d738900896523fcea0
ATutor AChecker version 1.2 suffers from cross site scripting and path disclosure vulnerabilities.
f051fdf159320c7c589e285d8b88bea2bf95dbf5dda51944394344650d558b95