Known Vulnerabilities for products from Atutor
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Atutor".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-27008 json | A Cross-site scripting (XSS) vulnerability in the function encrypt_password() in login.tmpl.php in ATutor 2.2.1 allows remote... | 6.1 - MEDIUM | 2023-03-28 | 2023-04-03 |
| CVE-2021-43498 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-04-08 | 2022-04-15 |
| CVE-2020-23341 json | A reflected cross site scripting (XSS) vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to ex... | 6.1 - MEDIUM | 2021-08-17 | 2021-08-24 |
| CVE-2020-10557 json | An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged accou... | 8.8 - HIGH | 2020-03-16 | 2020-03-18 |
| CVE-2019-16114 json | In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, wh... | 9.8 - CRITICAL | 2019-09-09 | 2020-08-24 |
| CVE-2019-12170 json | ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. Th... | 8.8 - HIGH | 2019-05-17 | 2019-08-05 |
| CVE-2019-12169 json | ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in ... | 8.8 - HIGH | 2019-06-03 | 2022-04-22 |
| CVE-2019-11446 json | An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user privi... | 8.8 - HIGH | 2019-04-22 | 2019-04-26 |
| CVE-2019-7172 json | A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Re... | 6.1 - MEDIUM | 2019-01-29 | 2019-01-29 |
| CVE-2017-1000004 json | ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Grou... | 9.8 - CRITICAL | 2017-07-17 | 2017-08-04 |
| CVE-2017-1000003 json | ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application... | 9.8 - CRITICAL | 2017-07-17 | 2019-10-03 |
| CVE-2017-1000002 json | ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course compo... | 9.8 - CRITICAL | 2017-07-17 | 2017-07-27 |
| CVE-2017-14981 json | Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of ... | 5.4 - MEDIUM | 2017-10-03 | 2017-10-11 |
| CVE-2017-6483 json | Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. The vulnerabilities exist due to insufficient fil... | 6.1 - MEDIUM | 2017-03-05 | 2017-03-08 |
| CVE-2016-10400 json | Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The ... | 7.5 - HIGH | 2017-07-22 | 2017-07-26 |
| CVE-2016-2555 json | SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary... | 9.8 - CRITICAL | 2017-04-13 | 2017-09-08 |
| CVE-2016-2539 json | Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hija... | 8.8 - HIGH | 2017-02-07 | 2017-09-08 |
| CVE-2015-7712 json | Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote aut... | 6.5 - MEDIUM | 2015-11-16 | 2018-10-09 |
| CVE-2015-7711 json | Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitra... | 6.1 - MEDIUM | 2017-08-31 | 2019-05-02 |
| CVE-2015-6521 json | Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2. | 5.4 - MEDIUM | 2017-10-10 | 2017-10-27 |