HomePentest-Tools.com Logo

ATutor < 1.5.1-pl1 Multiple Flaws CVE-2005-3403CVE-2005-3404CVE-2005-3405

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

The remote web server contains a PHP application that is prone to multiple flaws. The remote host is running ATutor, an open-source web-based Learning Content Management System (LCMS) written in PHP. The version of ATutor installed on the remote host may be vulnerable to arbitrary command execution, arbitrary file access, and cross-site scripting attacks. Successful exploitation of the first two issues requires that PHPs register_globals setting be enabled and, in some cases, that magic_quotes_gpc be disabled.

Risk description
Not available
Recommendation

Apply patch 1.5.1-pl1 or upgrade to version 1.5.2 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Nov 1, 2005
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available