Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2019-12170

ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.16
EPSS Ranking 94.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
Products affected by CVE-2019-12170
  • Atutor » Atutor » Version: 0.9.6
    cpe:2.3:a:atutor:atutor:0.9.6
  • Atutor » Atutor » Version: 0.9.7
    cpe:2.3:a:atutor:atutor:0.9.7
  • Atutor » Atutor » Version: 1.0
    cpe:2.3:a:atutor:atutor:1.0
  • Atutor » Atutor » Version: 1.2.1
    cpe:2.3:a:atutor:atutor:1.2.1
  • Atutor » Atutor » Version: 1.2.2
    cpe:2.3:a:atutor:atutor:1.2.2
  • Atutor » Atutor » Version: 1.3
    cpe:2.3:a:atutor:atutor:1.3
  • Atutor » Atutor » Version: 1.3.1
    cpe:2.3:a:atutor:atutor:1.3.1
  • Atutor » Atutor » Version: 1.3.2
    cpe:2.3:a:atutor:atutor:1.3.2
  • Atutor » Atutor » Version: 1.3.3
    cpe:2.3:a:atutor:atutor:1.3.3
  • Atutor » Atutor » Version: 1.4
    cpe:2.3:a:atutor:atutor:1.4
  • Atutor » Atutor » Version: 1.4.1
    cpe:2.3:a:atutor:atutor:1.4.1
  • Atutor » Atutor » Version: 1.4.2
    cpe:2.3:a:atutor:atutor:1.4.2
  • Atutor » Atutor » Version: 1.4.3
    cpe:2.3:a:atutor:atutor:1.4.3
  • Atutor » Atutor » Version: 1.5
    cpe:2.3:a:atutor:atutor:1.5
  • Atutor » Atutor » Version: 1.5.1
    cpe:2.3:a:atutor:atutor:1.5.1
  • Atutor » Atutor » Version: 1.5.2
    cpe:2.3:a:atutor:atutor:1.5.2
  • Atutor » Atutor » Version: 1.5.3
    cpe:2.3:a:atutor:atutor:1.5.3
  • Atutor » Atutor » Version: 1.5.3.1
    cpe:2.3:a:atutor:atutor:1.5.3.1
  • Atutor » Atutor » Version: 1.5.3.2
    cpe:2.3:a:atutor:atutor:1.5.3.2
  • Atutor » Atutor » Version: 1.5.3.3
    cpe:2.3:a:atutor:atutor:1.5.3.3
  • Atutor » Atutor » Version: 1.5.4
    cpe:2.3:a:atutor:atutor:1.5.4
  • Atutor » Atutor » Version: 1.5.5
    cpe:2.3:a:atutor:atutor:1.5.5
  • Atutor » Atutor » Version: 1.6
    cpe:2.3:a:atutor:atutor:1.6
  • Atutor » Atutor » Version: 1.6.1
    cpe:2.3:a:atutor:atutor:1.6.1
  • Atutor » Atutor » Version: 1.6.2
    cpe:2.3:a:atutor:atutor:1.6.2
  • Atutor » Atutor » Version: 1.6.3
    cpe:2.3:a:atutor:atutor:1.6.3
  • Atutor » Atutor » Version: 1.6.4
    cpe:2.3:a:atutor:atutor:1.6.4
  • Atutor » Atutor » Version: 2.0
    cpe:2.3:a:atutor:atutor:2.0
  • Atutor » Atutor » Version: 2.0.1
    cpe:2.3:a:atutor:atutor:2.0.1
  • Atutor » Atutor » Version: 2.0.2
    cpe:2.3:a:atutor:atutor:2.0.2
  • Atutor » Atutor » Version: 2.0.3
    cpe:2.3:a:atutor:atutor:2.0.3
  • Atutor » Atutor » Version: 2.1
    cpe:2.3:a:atutor:atutor:2.1
  • Atutor » Atutor » Version: 2.1.1
    cpe:2.3:a:atutor:atutor:2.1.1
  • Atutor » Atutor » Version: 2.2
    cpe:2.3:a:atutor:atutor:2.2
  • Atutor » Atutor » Version: 2.2.1
    cpe:2.3:a:atutor:atutor:2.2.1
  • Atutor » Atutor » Version: 2.2.2
    cpe:2.3:a:atutor:atutor:2.2.2
  • Atutor » Atutor » Version: 2.2.4
    cpe:2.3:a:atutor:atutor:2.2.4


Products
Pricing
Contact Us

Shodan ® - All rights reserved