Description

PHP remote file inclusion vulnerability in tools/packages/import.php in ATutor 1.6.1 pl1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via a URL in the type parameter.

Remediation

References

CVE-2008-3368

Related Vulnerabilities

WordPress Plugin Cookie Notice & Compliance for GDPR/CCPA Cross-Site Scripting (2.1.1)

WordPress Plugin Easy Property Listings Unspecified Vulnerability (2.0)

Moodle Cryptographic Issues Vulnerability (CVE-2009-4302)

WordPress 4.4.x Possible SQL Injection Vulnerability (4.4 - 4.4.11)

MySQL CVE-2017-10276 Vulnerability (CVE-2017-10276)

Severity

Medium

Classification

CVE-2008-3368 CWE-94

Tags

Missing Update Known Vulnerabilities