SQL Injection Vulnerability in ATutor AContent by ATutor
CVE-2012-5453

Currently unrated

Key Information:

Vendor: Atutor
Status: Acontent
Vendor: CVE Published:; 22 October 2012

What is CVE-2012-5453?

An SQL injection vulnerability exists in the user/index_inline_editor_submit.php file of ATutor AContent 1.2-1, enabling authenticated remote users to execute arbitrary SQL commands via the field parameter. This flaw is a result of an incomplete patch for an earlier issue identified in a previous CVE. The exploitation of this vulnerability could lead to unauthorized data access or manipulation, making it critical for users to implement security measures to protect their systems.

References

http://www.securityfocus.com/bid/56237

vdb-entryx_refsource_BID

http://secunia.com/advisories/51034

third-party-advisoryx_refsource_SECUNIA

https://www.htbridge.com/advisory/HTB23117

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 22, 2012
Vulnerability Reserved
Oct 22, 2012

Atutor

What is CVE-2012-5453?

References

Timeline