{"api_version":"1","generated_at":"2026-07-02T07:26:54+00:00","cve":"CVE-2005-2956","urls":{"html":"https://cve.report/CVE-2005-2956","api":"https://cve.report/api/cve/CVE-2005-2956.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2005-2956","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2005-2956"},"summary":{"title":"CVE-2005-2956","description":"ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files.","state":"PUBLISHED","assigner":"mitre","published_at":"2005-09-16 22:03:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://marc.info/?l=bugtraq&m=112671176100432&w=2","name":"http://marc.info/?l=bugtraq&m=112671176100432&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"'ATutor 1.5.1 SQL Injection / Admin credentials disclosure /' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securityreason.com/securityalert/9","name":"http://securityreason.com/securityalert/9","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"ATutor 1.5.1 SQL Injection / Admin credentials disclosure / remote code execution - CXSecurity.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rgod.altervista.org/atutor151.html","name":"http://rgod.altervista.org/atutor151.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"],"title":"","mime":"text/plain","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/14832","name":"http://www.securityfocus.com/bid/14832","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"ATutor Chat Logs Remote Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2005-2956","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2005-2956","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2005","cve_id":"2956","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adaptive_technology_resource_centre","cpe5":"atutor","cpe6":"1.5.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T22:53:29.938Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"9","tags":["third-party-advisory","x_refsource_SREASON","x_transferred"],"url":"http://securityreason.com/securityalert/9"},{"name":"20050914 ATutor 1.5.1 SQL Injection / Admin credentials disclosure / Information disclosure / User impersonation / Remote code execution","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=112671176100432&w=2"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://rgod.altervista.org/atutor151.html"},{"name":"14832","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/14832"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2005-09-14T00:00:00.000Z","descriptions":[{"lang":"en","value":"ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2016-10-17T13:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"9","tags":["third-party-advisory","x_refsource_SREASON"],"url":"http://securityreason.com/securityalert/9"},{"name":"20050914 ATutor 1.5.1 SQL Injection / Admin credentials disclosure / Information disclosure / User impersonation / Remote code execution","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://marc.info/?l=bugtraq&m=112671176100432&w=2"},{"tags":["x_refsource_MISC"],"url":"http://rgod.altervista.org/atutor151.html"},{"name":"14832","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/14832"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2005-2956","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"9","refsource":"SREASON","url":"http://securityreason.com/securityalert/9"},{"name":"20050914 ATutor 1.5.1 SQL Injection / Admin credentials disclosure / Information disclosure / User impersonation / Remote code execution","refsource":"BUGTRAQ","url":"http://marc.info/?l=bugtraq&m=112671176100432&w=2"},{"name":"http://rgod.altervista.org/atutor151.html","refsource":"MISC","url":"http://rgod.altervista.org/atutor151.html"},{"name":"14832","refsource":"BID","url":"http://www.securityfocus.com/bid/14832"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2005-2956","datePublished":"2005-09-16T04:00:00.000Z","dateReserved":"2005-09-16T00:00:00.000Z","dateUpdated":"2024-08-07T22:53:29.938Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2005-09-16 22:03:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adaptive_technology_resource_centre:atutor:1.5.1:*:*:*:*:*:*:*","matchCriteriaId":"14BDCA86-C4D0-49B1-A8FE-E81C9B29B04F"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2005","CveId":"2956","Ordinal":"1","Title":"CVE-2005-2956","CVE":"CVE-2005-2956","Year":"2005"},"notes":[{"CveYear":"2005","CveId":"2956","Ordinal":"1","NoteData":"ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files.","Type":"Description","Title":"CVE-2005-2956"},{"CveYear":"2005","CveId":"2956","Ordinal":"2","NoteData":"2005-09-16","Type":"Other","Title":"Published"},{"CveYear":"2005","CveId":"2956","Ordinal":"3","NoteData":"2016-10-17","Type":"Other","Title":"Modified"}]}}}