PT-2005-4202 · Atutor · Atutor

Andreas Sandblad

Published

2005-11-01

Updated

2016-10-18

CVE-2005-3404

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ATutor versions 1.4.1 through 1.5.1-pl1

Description The issue allows remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in files such as body header.inc.php and print.php.

Recommendations For ATutor versions 1.4.1 through 1.5.1-pl1, consider restricting access to the section parameter to prevent the inclusion of arbitrary files until a patch is available. Avoid using the section parameter followed by a null byte (%00) in the affected files, such as body header.inc.php and print.php, to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-3404

Affected Products

Atutor

PT-2005-4202 · Atutor · Atutor

CVE-2005-3404

Related Identifiers

Affected Products

References · 13