Description

Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter.

Remediation

References

CVE-2015-7712

Related Vulnerabilities

WordPress Plugin Calendar Unspecified Vulnerability (1.3.10)

WordPress Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-0491)

Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2023-28334)

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.27)

WordPress Plugin Gift Vouchers (Gift Cards and Packages) (WooCommerce Supported) SQL Injection (1.0.5)

Severity

Medium

Classification

CVE-2015-7712

Tags

Missing Update Known Vulnerabilities