PT-2005-4854 · Atutor · Atutor

Published

2005-12-11

Updated

2008-09-05

CVE-2005-4155

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ATutor version 1.5.1 pl2

Description The issue allows remote attackers to execute arbitrary SQL commands by providing an e-mail address that ends in a NULL character, bypassing the PHP regular expression check in the registration.PHP file.

Recommendations For ATutor version 1.5.1 pl2, consider validating user input to prevent the injection of NULL characters in e-mail addresses as a temporary workaround until a patch is available. Restrict access to the registration.PHP file to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-4155

Affected Products

Atutor

PT-2005-4854 · Atutor · Atutor

CVE-2005-4155

Related Identifiers

Affected Products

References · 7