PHP Code Injection Vulnerability in ATutor by CampusPress
CVE-2015-7712

Currently unrated

Key Information:

Vendor

Atutor

Status
Atutor
Vendor
CVE Published:
16 November 2015

What is CVE-2015-7712?

In ATutor 2.2 and earlier, multiple vulnerabilities exist in the 'edit_marks.php' script within the standard gradebook module. These vulnerabilities allow authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code by manipulating the 'asc' or 'desc' parameters. This poses a significant risk as it can lead to unauthorized actions or data breaches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://karmainsecurity.com/KIS-2015-08
x_refsource_MISC
http://www.securityfocus.com/archive/1/536836/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://packetstormsecurity.com/files/134218/ATutor-2.2-PH...
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.