Description

Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter.

Remediation

References

CVE-2015-7712

Related Vulnerabilities

WordPress Plugin Visual Email Designer for WooCommerce SQL Injection (1.7.1)

Nginx Out-of-bounds Write Vulnerability (CVE-2022-41741)

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-1980)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-0215)

jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184)

Severity

Medium

Classification

CVE-2015-7712

Tags

Missing Update Known Vulnerabilities