PT-2006-4529 · Atutor · Atutor
Published: 2006-07-17 · Updated: 2024-08-07
CVE-2006-3662
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
ATutor version 1.5.3
Description
A SQL injection issue in index.php allows remote attackers to execute arbitrary SQL commands via the fid parameter. The vendor has disputed this issue, stating it is not possible, but the source code suggests it may be legitimate. The parameter is cleansed in version 1.5.3.1.
Recommendations
For ATutor version 1.5.3, update to version 1.5.3.1 to resolve the issue. As a temporary workaround, consider restricting access to the fid parameter in the index.php file until the update can be applied.
Related Identifiers
Affected Products
Atutor