PT-2022-11858 · Atutor · Atutor

Published

2022-04-08

Updated

2022-04-15

CVE-2021-43498

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions ATutor version 2.2.4

Description An Access Control issue exists in the password reminder.php file when the g, id, h, form password hidden, and form change HTTP POST parameters are set. This allows for potential unauthorized access.

Recommendations For ATutor version 2.2.4, as a temporary workaround, consider restricting access to the password reminder.php file until a patch is available. Avoid using the parameters g, id, h, form password hidden, and form change in the affected HTTP POST request until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-640

Related Identifiers

CVE-2021-43498

Affected Products

Atutor

PT-2022-11858 · Atutor · Atutor

CVE-2021-43498

Weakness Enumeration

Related Identifiers

Affected Products

References · 5