CVE-2012-5453

Name of the Vulnerable Software and Affected Versions ATutor AContent versions 1.2-1

Description A SQL injection issue exists, allowing remote authenticated users to execute arbitrary SQL commands via the field parameter in the user/index inline editor submit.php file. This issue is a result of an incomplete fix for a previous security problem.

Recommendations For ATutor AContent versions 1.2-1, consider restricting access to the user/index inline editor submit.php file until a proper fix is applied, and avoid using the field parameter in this context to minimize the risk of exploitation.