Description

In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution. This occurs because install/include/header.php does not restrict certain changes (to db_host, db_login, db_password, and content_dir) within install/include/step5.php.

Remediation

References

CVE-2019-16114

Related Vulnerabilities

WordPress Plugin Sell Photo Cross-Site Scripting (1.0.5)

MySQL CVE-2024-20996 Vulnerability (CVE-2024-20996)

Oracle Application Server CVE-2008-0344 Vulnerability (CVE-2008-0344)

MySQL CVE-2019-2948 Vulnerability (CVE-2019-2948)

ownCloud Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-31649)

Severity

Critical

Classification

CVE-2019-16114 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities