ATutor Multiple Vulnerabilities

Published: 2011-09-22 08:24:03

CVSS Base Vector:

Successful exploitation will let attackers execute arbitrary script code, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Affected Versions:
ATutor version 2.0.2

Technical Details:
Multiple flaws are due to:
- Input passed to the 'lang' parameter in '/documentation/index_list.php' is not properly sanitised before being returned to the user.
- Input passed to the 'p_course', 'name' and 'value' parameters in '/mods/_standard/social/set_prefs.php' scripts is not properly sanitised before being used in SQL queries.
- Input passed via the 'search_friends_HASH' POST parameter, where HASH is the value generated by the 'rand_key' parameter, to the '/mods/_standard/social/index_public.php' script is not properly sanitised before being returned to the user.

Upgrade to ATutor version 2.0.3 or later.

This host is running ATutor and is prone to information disclosure, SQL injection, and cross-site scripting vulnerabilities.

Solution Type:
Vendor Patch

Detection Type:

SecurityFocus Bugtraq ID:


CVSS Score
