CSRF Vulnerability in ATutor Learning Management System
CVE-2016-2539

8.8HIGH

Key Information:

Vendor

Atutor

Status
Atutor
Vendor
CVE Published:
7 February 2017

What is CVE-2016-2539?

A cross-site request forgery (CSRF) vulnerability exists in the install_modules.php file of ATutor prior to version 2.2.2. This flaw allows remote attackers to manipulate user sessions, potentially enabling them to upload arbitrary files. If exploited, the vulnerability could permit the execution of arbitrary PHP code remotely, representing a significant security risk for affected ATutor installations. Mitigation involves upgrading to version 2.2.2 or higher, and implementing robust security measures to guard against CSRF attacks.

References

https://www.exploit-db.com/exploits/39524/
exploitx_refsource_EXPLOIT-DB
https://packetstormsecurity.com/files/136109/ATutor-LMS-2...
x_refsource_MISC
https://github.com/atutor/ATutor/commit/bfc6c80c6c217c551...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.