Known Vulnerabilities for products from Atutor

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Atutor".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-6956 json Not Provided 2026-05-11 2026-05-11
CVE-2026-6909 json Not Provided 2026-05-11 2026-05-11
CVE-2023-27008 json A Cross-site scripting (XSS) vulnerability in the function encrypt_password() in login.tmpl.php in ATutor 2.2.1 allows remote... 6.1 - MEDIUM 2023-03-28 2023-04-03
CVE-2021-43498 json ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 7.5 - HIGH 2022-04-08 2022-04-15
CVE-2020-23341 json A reflected cross site scripting (XSS) vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to ex... 6.1 - MEDIUM 2021-08-17 2021-08-24
CVE-2020-10557 json An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged accou... 8.8 - HIGH 2020-03-16 2020-03-18
CVE-2019-16114 json In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, wh... 9.8 - CRITICAL 2019-09-09 2020-08-24
CVE-2019-12170 json ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. Th... 8.8 - HIGH 2019-05-17 2019-08-05
CVE-2019-12169 json ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in ... 8.8 - HIGH 2019-06-03 2022-04-22
CVE-2019-11446 json An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user privi... 8.8 - HIGH 2019-04-22 2019-04-26
CVE-2019-7172 json A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Re... 6.1 - MEDIUM 2019-01-29 2019-01-29
CVE-2017-1000004 json ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Grou... Not Provided 2017-07-17 2025-04-20
CVE-2017-1000003 json ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application... Not Provided 2017-07-17 2025-04-20
CVE-2017-1000002 json ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course compo... Not Provided 2017-07-17 2025-04-20
CVE-2017-14981 json Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of ... 5.4 - MEDIUM 2017-10-03 2017-10-11
CVE-2017-6483 json Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. The vulnerabilities exist due to insufficient fil... 6.1 - MEDIUM 2017-03-05 2017-03-08
CVE-2016-10400 json Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The ... Not Provided 2017-07-22 2025-04-20
CVE-2016-2555 json SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary... Not Provided 2017-04-13 2025-04-20
CVE-2016-2539 json Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hija... Not Provided 2017-02-07 2025-04-20
CVE-2015-7712 json Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote aut... Not Provided 2015-11-16 2026-05-06
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Atutor

Type Vendor Product Version
ApplicationAtutorAchecker1.0
ApplicationAtutorAcollab1.2
ApplicationAtutorAcontent1.0
ApplicationAtutorAtutor0.9.6
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report