PT-2017-8054 · Atutor · Atutor
Mr_Me
·
Published
2017-04-13
·
Updated
2024-02-14
·
CVE-2016-2555
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ATutor version 2.2.1
Description
A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved through the
searchFriends function to friends.inc.php.Recommendations
For ATutor version 2.2.1, consider disabling the
searchFriends function in friends.inc.php until a patch is available to prevent potential SQL injection attacks.Exploit
Fix
RCE
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Atutor