Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2019-11446

An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user privilege. The Upload Files section in the File Manager field contains an arbitrary file upload vulnerability via upload.php. The $IllegalExtensions value only lists lowercase (and thus .phP is a bypass), and omits .shtml and .phtml.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.04
EPSS Ranking 88.0%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
Products affected by CVE-2019-11446
  • Atutor » Atutor » Version: 0.9.6
    cpe:2.3:a:atutor:atutor:0.9.6
  • Atutor » Atutor » Version: 0.9.7
    cpe:2.3:a:atutor:atutor:0.9.7
  • Atutor » Atutor » Version: 1.0
    cpe:2.3:a:atutor:atutor:1.0
  • Atutor » Atutor » Version: 1.2.1
    cpe:2.3:a:atutor:atutor:1.2.1
  • Atutor » Atutor » Version: 1.2.2
    cpe:2.3:a:atutor:atutor:1.2.2
  • Atutor » Atutor » Version: 1.3
    cpe:2.3:a:atutor:atutor:1.3
  • Atutor » Atutor » Version: 1.3.1
    cpe:2.3:a:atutor:atutor:1.3.1
  • Atutor » Atutor » Version: 1.3.2
    cpe:2.3:a:atutor:atutor:1.3.2
  • Atutor » Atutor » Version: 1.3.3
    cpe:2.3:a:atutor:atutor:1.3.3
  • Atutor » Atutor » Version: 1.4
    cpe:2.3:a:atutor:atutor:1.4
  • Atutor » Atutor » Version: 1.4.1
    cpe:2.3:a:atutor:atutor:1.4.1
  • Atutor » Atutor » Version: 1.4.2
    cpe:2.3:a:atutor:atutor:1.4.2
  • Atutor » Atutor » Version: 1.4.3
    cpe:2.3:a:atutor:atutor:1.4.3
  • Atutor » Atutor » Version: 1.5
    cpe:2.3:a:atutor:atutor:1.5
  • Atutor » Atutor » Version: 1.5.1
    cpe:2.3:a:atutor:atutor:1.5.1
  • Atutor » Atutor » Version: 1.5.2
    cpe:2.3:a:atutor:atutor:1.5.2
  • Atutor » Atutor » Version: 1.5.3
    cpe:2.3:a:atutor:atutor:1.5.3
  • Atutor » Atutor » Version: 1.5.3.1
    cpe:2.3:a:atutor:atutor:1.5.3.1
  • Atutor » Atutor » Version: 1.5.3.2
    cpe:2.3:a:atutor:atutor:1.5.3.2
  • Atutor » Atutor » Version: 1.5.3.3
    cpe:2.3:a:atutor:atutor:1.5.3.3
  • Atutor » Atutor » Version: 1.5.4
    cpe:2.3:a:atutor:atutor:1.5.4
  • Atutor » Atutor » Version: 1.5.5
    cpe:2.3:a:atutor:atutor:1.5.5
  • Atutor » Atutor » Version: 1.6
    cpe:2.3:a:atutor:atutor:1.6
  • Atutor » Atutor » Version: 1.6.1
    cpe:2.3:a:atutor:atutor:1.6.1
  • Atutor » Atutor » Version: 1.6.2
    cpe:2.3:a:atutor:atutor:1.6.2
  • Atutor » Atutor » Version: 1.6.3
    cpe:2.3:a:atutor:atutor:1.6.3
  • Atutor » Atutor » Version: 1.6.4
    cpe:2.3:a:atutor:atutor:1.6.4
  • Atutor » Atutor » Version: 2.0
    cpe:2.3:a:atutor:atutor:2.0
  • Atutor » Atutor » Version: 2.0.1
    cpe:2.3:a:atutor:atutor:2.0.1
  • Atutor » Atutor » Version: 2.0.2
    cpe:2.3:a:atutor:atutor:2.0.2
  • Atutor » Atutor » Version: 2.0.3
    cpe:2.3:a:atutor:atutor:2.0.3
  • Atutor » Atutor » Version: 2.1
    cpe:2.3:a:atutor:atutor:2.1
  • Atutor » Atutor » Version: 2.1.1
    cpe:2.3:a:atutor:atutor:2.1.1
  • Atutor » Atutor » Version: 2.2
    cpe:2.3:a:atutor:atutor:2.2
  • Atutor » Atutor » Version: 2.2.1
    cpe:2.3:a:atutor:atutor:2.2.1
  • Atutor » Atutor » Version: 2.2.2
    cpe:2.3:a:atutor:atutor:2.2.2
  • Atutor » Atutor » Version: 2.2.4
    cpe:2.3:a:atutor:atutor:2.2.4


Products
Pricing
Contact Us

Shodan ® - All rights reserved