CVE-2015-1583

Name of the Vulnerable Software and Affected Versions: ATutor version 2.2

Description: The issue allows remote attackers to hijack the authentication of administrators for requests that create an administrator account via a request to "mods/ core/users/admins/create.php" or create a user account via a request to "mods/ core/users/create user.php". This is due to multiple cross-site request forgery (CSRF) vulnerabilities.

Recommendations: For ATutor version 2.2, as a temporary workaround, consider disabling access to the "mods/ core/users/admins/create.php" and "mods/ core/users/create user.php" endpoints until a patch is available. Restrict access to these endpoints to minimize the risk of exploitation. Avoid using these endpoints in administrative tasks until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.