Description
ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component, resulting in code execution. The same versions are also vulnerable to a directory traversal in the Course Icon component, resulting in information disclosure.
Remediation
References