Atutor AContent Multiple SQL Injection and XSS Vulnerabilities

Summary
This host is running Atutor AContent and is prone to multiple cross site scripting and SQL injection vulnerabilities.
Impact
Successful exploitation will let attackers to execute arbitrary script code or to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Impact Level: Application
Solution
Upgrade to Atutor AContent version 1.2 or later. For updates refer to http://www.atutor.ca
Insight
Multiple flaws are due to an, - Input passed via multiple parameters in multiple scripts is not properly sanitised before being used in SQL queries. - Input passed via multiple parameters in multiple scripts via GET and POST method is not properly sanitised before being used.
Affected
Atutor AContent version 1.1 (build r296)
References