CVE-2006-3821

Name of the Vulnerable Software and Affected Versions ATutor version 1.5.3

Description The issue allows remote attackers to inject arbitrary web script or HTML. This is achieved via the lang parameter in "index list.php" and the year, month, and day parameters in "registration.php".

Recommendations For ATutor version 1.5.3, as a temporary workaround, consider restricting access to the vulnerable parameters lang, year, month, and day in the affected scripts until a patch is available. Avoid using these parameters in the "index list.php" and "registration.php" scripts until the issue is resolved.