Vulnerability Details CVE-2006-5734
Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2) req_lang parameter in documentation/common/search.php and (c) documentation/common/vitals.inc.php, the (3) row[dir_name] parameter in (d) include/classes/module/module.class.php, and the (4) lang_path parameter in (e) include/classes/phpmailer/class.phpmailer.php. NOTE: the print.php vector is already covered by CVE-2005-3404.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.4%
CVSS Severity
CVSS v2 Score 7.5
References
- http://securityreason.com/securityalert/1823
- http://www.securityfocus.com/archive/1/449233/100/200/threaded
- http://www.securityfocus.com/bid/20634
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29693
- http://securityreason.com/securityalert/1823
- http://www.securityfocus.com/archive/1/449233/100/200/threaded
- http://www.securityfocus.com/bid/20634
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29693
Products affected by CVE-2006-5734
-
cpe:2.3:a:adaptive_technology_resource_centre:atutor:1.5.3.2