CVE-2005-2955

Name of the Vulnerable Software and Affected Versions ATutor versions 1.5.1 and earlier

Description The issue arises from an incomplete blacklist used to check for dangerous file extensions in the config.inc.php file. This allows authenticated administrators or educators to execute arbitrary code by uploading files with executable extensions such as .inc, .php4, or others.

Recommendations For ATutor versions 1.5.1 and earlier, update the blacklist in config.inc.php to include all executable file extensions to prevent the upload of malicious files. As a temporary workaround, consider restricting file uploads to only trusted users or disabling the file upload feature until a comprehensive fix is applied.