HomePentest-Tools.com Logo

ATutor password reminder SQL injection CVE-2005-2954

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

The remote version of ATutor contains an input validation flaw in the password_reminder.php script. This vulnerability occurs only when magic_quotes_gpc is set to off in the php.ini configuration file.

Risk description

A malicious user can exploit this flaw to manipulate SQL queries and steal any users password.

Recommendation

Upgrade to ATutor 1.5.1 pl1 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Sep 16, 2005
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available