Description
Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter.