PT-2026-6821 · Atutor · Atutor

Andrey Stoykov · Published 2026-02-06 · Updated 2026-02-07 · CVE-2020-37147

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

ATutor version 2.2.4

Description

ATutor 2.2.4 has a SQL injection issue in the admin user deletion page. Authenticated attackers can manipulate database queries through the id parameter. Exploitation involves injecting malicious SQL code into the id parameter of the 'admin delete.php' script, potentially allowing attackers to extract or modify database information.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the 'admin delete.php' script to minimize the risk of exploitation. Avoid using the id parameter in the affected script until the issue is resolved.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2020-37147

Affected Products

Atutor