ATutor password reminder SQL injection

The remote host contains a PHP script vulnerable to a SQL injection vulnerability. Description : The remote host is running ATutor, an open source web-based Learning Content Management System (LCMS) designed with accessibility and adaptability in mind. The remote version of this software contains an input validation flaw in the 'password_reminder.php' script. This vulnerability occurs only when 'magic_quotes_gpc' is set to off in the 'php.ini' configuration file. A malicious user can exploit this flaw to manipulate SQL queries and steal any user's password.
Upgrade to ATutor 1.5.1 pl1 or later