PT-2017-10715 · Atutorspaces · Atutor

Published: 2017-07-13 · Updated: 2017-08-04 · CVE-2017-1000004

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ATutor versions 2.2.1 and earlier

Description

The issue affects multiple components of ATutor, including the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend Search, Social Group Search, File Comment, Gradebook Test Title, User Group Membership, Inbox/Sent Items, Sent Messages, Links, Photo Album, Poll, Social Application, Social Profile, Test, Content Menu, Auto-Login, and Gradebook. It results in a SQL injection vulnerability, potentially leading to information disclosure, database modification, or code execution.

Recommendations

For ATutor versions 2.2.1 and earlier, update to a version later than 2.2.1 to resolve the SQL injection vulnerability in the affected components.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2017-1000004

Affected Products

Atutor