CVE-2006-5734

Name of the Vulnerable Software and Affected Versions: ATutor version 1.5.3.2

Description: The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via several parameters in different PHP files, including the section parameter in "documentation/common/frame toc.php" and "documentation/common/search.php", the req lang parameter in "documentation/common/search.php" and "documentation/common/vitals.inc.php", the row[dir name] parameter in "include/classes/module/module.class.php", and the lang path parameter in "include/classes/phpmailer/class.phpmailer.php".

Recommendations: For ATutor version 1.5.3.2, consider disabling the vulnerable parameters section, req lang, row[dir name], and lang path in their respective files until a patch is available. Restrict access to the affected PHP files to minimize the risk of exploitation. Avoid using the specified parameters in the affected API endpoints until the issue is resolved.