Unrestricted File Upload in ATutor Software by ATutor Team
CVE-2014-9752

Currently unrated

Key Information:

Vendor: Atutor
Status: Atutor
Vendor: CVE Published:; 16 November 2015

What is CVE-2014-9752?

The vulnerability in ATutor allows remote authenticated users to exploit an unrestricted file upload feature. By uploading a file with a PHP extension as a custom icon for a new course, attackers can execute arbitrary PHP code. This issue arises from inadequate validation and can lead to unauthorized access and control over the affected server.

References

http://www.securityfocus.com/archive/1/536834/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://update.atutor.ca/patch/2_2/2_2-6/patch.xml

x_refsource_CONFIRM

http://karmainsecurity.com/KIS-2015-05

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 16, 2015
Vulnerability Reserved
Oct 5, 2015

Atutor

What is CVE-2014-9752?

References

Timeline