CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-43498

An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h, form_password_hidden, and form_change HTTP POST parameters are set.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 72.9%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://github.com/atutor/ATutor/blob/master/password_reminder.php
https://packetstormsecurity.com/files/157563/ATutor-LMS-2.2.4-Weak-Password-Reset-Hash.html
https://github.com/atutor/ATutor/blob/master/password_reminder.php
https://packetstormsecurity.com/files/157563/ATutor-LMS-2.2.4-Weak-Password-Reset-Hash.html

Products affected by CVE-2021-43498

Atutor » Atutor » Version: 2.2.4

cpe:2.3:a:atutor:atutor:2.2.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-43498

Products

Pricing

Contact Us