PHP Execution Vulnerability in ATutor by LMS Media
CVE-2005-3405

Currently unrated

Key Information:

Vendor: LMS Media

Status
Vendor
CVE Published: 1 November 2005

What is CVE-2005-3405?

CVE-2005-3405 is an eval injection vulnerability in ATutor versions 1.4.1 through 1.5.1-pl1 that arises from a flaw in the handling of user input. It allows attackers to execute arbitrary PHP functions through a manipulated request to the forum.inc.php script: the request carries a modified addslashes parameter, with either the 'asc' or 'desc' parameter set. Exploiting it lets attackers gain unauthorized access and execute potentially harmful code.

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
