Description

Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter.

Remediation

References

CVE-2015-7712

Related Vulnerabilities

PHP Incorrect Conversion between Numeric Types Vulnerability (CVE-2016-3074)

WordPress Plugin Loco Translate PHP Code Injection (2.5.3)

WordPress Plugin Poll, Survey, Questionnaire and Voting system SQL Injection (1.2.4)

Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.3)

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-9033)

Severity

Medium

Classification

CVE-2015-7712

Tags

Missing Update Known Vulnerabilities