Description
confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Photo Gallery by Ays-Responsive Image Gallery SQL Injection (4.4.3)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5610)
MySQL CVE-2019-2486 Vulnerability (CVE-2019-2486)
WordPress Plugin Events Made Easy PHP Object Injection (2.0.52)
Atlassian Confluence CVE-2023-22505 Vulnerability (CVE-2023-22505)