![]() ![]() Has assigned the name CVE-2014-9753 to this vulnerability. ![]() The Common Vulnerabilities and Exposures project ( ) Atutor software Patch#– Vendor notified about incompleteness of the patch Download ATutor 2.2.4 ATutor Features ATutor Documentation Try the ATutor Demo Report ATutor Issues AContent AContent is an Open Source LCMS, used to develop and share elearning content. – Vendor response stating this issue will be patched right away ATutor ATutor is an Open Source LMS, used to develop and manage online courses, and to create and distribute interoperable elearning content. ![]() aTutor is an open source web-based Learning Management System (LMS) used to develop. Successful exploitation of this vulnerability might allow an attacker to access the application with the most privileged user, leading to achieve arbitrary PHP code execution by leveraging further vulnerabilities. 508 standards and tested with a range of screen reader software. However, its “auto-login” feature uses the same session variables used to authenticate the user in the whole application, and this might enable unauthenticated attackers to bypass the authentication mechanism and impersonate legitimate users by simply knowing their user IDs. This script is intended to be used for the account confirmation. $row = queryDB($sql, array(TABLE_PREFIX, $_REQUEST), TRUE) $sql = "SELECT M.member_id, M.login, M.preferences, M.language FROM %smembers M WHERE M.member_id=%d" The vulnerable code is located in the /confirm.php script: if (isset($_REQUEST)) ATutor <= 2.2 (confirm.php) Session Variable Overloading Vulnerability ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |