Description

An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user privilege. The Upload Files section in the File Manager field contains an arbitrary file upload vulnerability via upload.php. The $IllegalExtensions value only lists lowercase (and thus .phP is a bypass), and omits .shtml and .phtml.

Remediation

References

CVE-2019-11446

Related Vulnerabilities

WordPress Plugin Theme Blvd Sliders Multiple Security Bypass Vulnerabilities (1.2.3)

Resin Application Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-2966)

WordPress Plugin WP Security Question Cross-Site Request Forgery (1.0.5)

Perl Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-1238)

MySQL CVE-2014-6484 Vulnerability (CVE-2014-6484)

Severity

High

Classification

CVE-2019-11446 CWE-434 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities