ATutor < 1.5.1-pl1 Multiple Flaws Network Vulnerability

Summary

The remote web server contains a PHP application that is prone to multiple flaws. Description : The remote host is running ATutor, an open-source web-based Learning Content Management System (LCMS) written in PHP. The version of ATutor installed on the remote host may be vulnerable to arbitrary command execution, arbitrary file access, and cross-site scripting attacks. Successful exploitation of the first two issues requires that PHP's 'register_globals' setting be enabled and, in some cases, that 'magic_quotes_gpc' be disabled.

Solution

Apply patch 1.5.1-pl1 or upgrade to version 1.5.2 or later.

References

http://secunia.com/secunia_research/2005-55/advisory/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2005-3403, CVE-2005-3404, CVE-2005-3405
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

4psa Voipnow Local File Inclusion Vulnerability
AjaxPortal 'di.php' File Inclusion Vulnerability
ASUS RT56U Router Multiple Vulnerabilities
Adobe ColdFusion Information Disclosure Vulnerability
ATutor password reminder SQL injection

Take action and discover your vulnerabilities