Description
ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure.
Remediation
References
Related Vulnerabilities
PHP Use After Free Vulnerability (CVE-2016-6290)
Artifactory Incorrect Default Permissions Vulnerability (CVE-2021-46270)
WordPress Plugin Related Posts for WordPress Cross-Site Scripting (2.0.3)
WordPress Plugin Sell Downloads Cross-Site Scripting (1.0.86)
Perl Improper Certificate Validation Vulnerability (CVE-2023-31486)