PT-2020-7790 · Atutor · Atutor

Gbuckingham89

Published

2020-02-11

Updated

2020-02-12

CVE-2014-9753

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: ATutor versions 2.2 and earlier

Description: The issue allows remote attackers to bypass authentication and gain access as an existing user. This is achieved via the auto login parameter in the "confirm.php" file.

Recommendations: For ATutor versions 2.2 and earlier, consider disabling the auto login parameter in the "confirm.php" file as a temporary workaround until a patch is available. Restrict access to the "confirm.php" file to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2014-9753

Affected Products

Atutor

PT-2020-7790 · Atutor · Atutor

CVE-2014-9753

Weakness Enumeration

Related Identifiers

Affected Products

References · 6