Description
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.
Remediation
References
Related Vulnerabilities
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-4042)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1429)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-20281)
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Information Disclosure (5.1.2)
WordPress Plugin Share Buttons by AddThis Cross-Site Scripting (4.0.7)