CVE-2005-4155

Name of the Vulnerable Software and Affected Versions ATutor version 1.5.1 pl2

Description The issue allows remote attackers to execute arbitrary SQL commands by providing an e-mail address that ends in a NULL character, bypassing the PHP regular expression check in the registration.PHP file.

Recommendations For ATutor version 1.5.1 pl2, consider validating user input to prevent the injection of NULL characters in e-mail addresses as a temporary workaround until a patch is available. Restrict access to the registration.PHP file to minimize the risk of exploitation.