The remote host contains a PHP script vulnerable to a SQL injection vulnerability. Description : The remote host is running ATutor, an open source web-based Learning Content Management System (LCMS) designed with accessibility and adaptability in mind. The remote version of this software contains an input validation flaw in the 'password_reminder.php' script. This vulnerability occurs only when 'magic_quotes_gpc' is set to off in the 'php.ini' configuration file. A malicious user can exploit this flaw to manipulate SQL queries and steal any user's password.
Upgrade to ATutor 1.5.1 pl1 or later
- Apache Archiva Multiple Remote Command Execution Vulnerabilities
- AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability
- Adobe ColdFusion Multiple Vulnerabilities-01 May-2014
- Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
- AlefMentor Multiple SQL Injection Vulnerabilities