Vulnerability Details CVE-2006-3996
SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.025
EPSS Ranking 84.6%
CVSS Severity
CVSS v2 Score 6.5
References
- http://atutor.ca/news.php#010806
- http://retrogod.altervista.org/atutor_1531_sql.html
- http://secunia.com/advisories/21308
- http://securityreason.com/securityalert/1330
- http://www.osvdb.org/27665
- http://www.securityfocus.com/archive/1/441711/100/0/threaded
- http://www.securityfocus.com/bid/19232
- http://www.vupen.com/english/advisories/2006/3074
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28082
- https://www.exploit-db.com/exploits/2088
- http://atutor.ca/news.php#010806
- http://retrogod.altervista.org/atutor_1531_sql.html
- http://secunia.com/advisories/21308
- http://securityreason.com/securityalert/1330
- http://www.osvdb.org/27665
- http://www.securityfocus.com/archive/1/441711/100/0/threaded
- http://www.securityfocus.com/bid/19232
- http://www.vupen.com/english/advisories/2006/3074
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28082
- https://www.exploit-db.com/exploits/2088
Products affected by CVE-2006-3996
-
cpe:2.3:a:adaptive_technology_resource_centre:atutor:*