Atutor: >> Acontent >> 1.0 Security Vulnerabilities
An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-03-16
ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_inline_editor_submit.php.
CVSS Score
7.5
EPSS Score
0.018
Published
2012-10-22
Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to execute arbitrary SQL commands via the (1) field parameter to course_category/index_inline_editor_submit.php or (2) user/index_inline_editor_submit.php; or (3) id parameter to user/user_password.php.
CVSS Score
7.5
EPSS Score
0.011
Published
2012-10-22