Description

Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter.

Remediation

References

CVE-2015-7712

Related Vulnerabilities

WordPress Plugin eHive Account Details Cross-Site Scripting (2.1.2)

WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.154)

XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29524)

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-46147)

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3838)

Severity

Medium

Classification

CVE-2015-7712

Tags

Missing Update Known Vulnerabilities