Cross-Site Request Forgery Vulnerabilities in ATutor by ATutor Team
CVE-2015-1583

8.8HIGH

Key Information:

Vendor

Atutor

Status
Atutor
Vendor
CVE Published:
2 March 2020

What is CVE-2015-1583?

Multiple vulnerabilities present in ATutor 2.2 enable remote attackers to perform cross-site request forgery attacks, allowing them to hijack administrator authentication. These vulnerabilities can be exploited to create administrator accounts or user accounts by sending crafted requests to specific endpoints without proper authentication checks, significantly compromising the security of the application.

References

http://packetstormsecurity.com/files/130598/ATutor-LCMS-2...
x_refsource_MISC
http://www.securityfocus.com/bid/72845
vdb-entryx_refsource_BID
https://github.com/atutor/ATutor/commit/068b8aa37f24645c6...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.