Unrestricted File Upload in ATutor Software by ATutor Team
CVE-2014-9752

Currently unrated

Key Information:

Vendor

Atutor

Status
Atutor
Vendor
CVE Published:
16 November 2015

What is CVE-2014-9752?

The vulnerability in ATutor allows remote authenticated users to exploit an unrestricted file upload feature. By uploading a file with a PHP extension as a custom icon for a new course, attackers can execute arbitrary PHP code. This issue arises from inadequate validation and can lead to unauthorized access and control over the affected server.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/archive/1/536834/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://update.atutor.ca/patch/2_2/2_2-6/patch.xml
x_refsource_CONFIRM
http://karmainsecurity.com/KIS-2015-05
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.