ATutor < 1.5.1-pl1 Multiple Flaws Network Vulnerability

Summary

The remote web server contains a PHP application that is prone to multiple flaws. Description : The remote host is running ATutor, an open-source web-based Learning Content Management System (LCMS) written in PHP. The version of ATutor installed on the remote host may be vulnerable to arbitrary command execution, arbitrary file access, and cross-site scripting attacks. Successful exploitation of the first two issues requires that PHP's 'register_globals' setting be enabled and, in some cases, that 'magic_quotes_gpc' be disabled.

Solution

Apply patch 1.5.1-pl1 or upgrade to version 1.5.2 or later.

References

http://secunia.com/secunia_research/2005-55/advisory/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2005-3403, CVE-2005-3404, CVE-2005-3405

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

3Com OfficeConnect VPN Firewall Default Password Security Bypass Vulnerability
Acidcat CMS Multiple Vulnerabilities
Andy's PHP Knowledgebase 's' Parameter SQL Injection Vulnerability
AdMentor Login Flaw
AlienVault OSSIM SQL Injection and Remote Code Execution Vulnerabilities

Take action and discover your vulnerabilities