Description
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.
Remediation
References
Related Vulnerabilities
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-14820)
WordPress Plugin Eshop Magic Arbitrary File Disclosure (0.1)
Liferay Portal Incorrect Authorization Vulnerability (CVE-2021-33335)
WordPress Plugin WP Ultimate Exporter Cross-Site Scripting (1.0)
WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Cross-Site Scripting (1.5.5)