Description

In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution. This occurs because install/include/header.php does not restrict certain changes (to db_host, db_login, db_password, and content_dir) within install/include/step5.php.

Remediation

References

CVE-2019-16114

Related Vulnerabilities

MySQL CVE-2015-0405 Vulnerability (CVE-2015-0405)

osCommerce Other Vulnerability (CVE-2004-2021)

osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-22608)

WordPress Plugin Download Shortcode Local File Inclusion (0.2.3)

WordPress Plugin Login With Ajax Cross-Site Scripting (3.0.4)

Severity

Critical

Classification

CVE-2019-16114 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities