Unauthenticated Database Manipulation Vulnerability in ATutor by Atutor
CVE-2019-16114

9.8CRITICAL

Key Information:

Vendor: Atutor
Status: Atutor
Vendor: CVE Published:; 9 September 2019

What is CVE-2019-16114?

ATutor version 2.2.4 is vulnerable to an unauthenticated access flaw that allows attackers to alter application settings, including database parameters. By manipulating the database configuration, an attacker can execute malicious commands within the application. Specifically, the vulnerability stems from insufficient restrictions on changes made in the installation scripts, which could lead to unauthorized file uploads and potential remote code execution.

References

https://github.com/atutor/ATutor/commits/master

x_refsource_MISC

https://github.com/MostafaSoliman/Security-Advisories/blo...

x_refsource_MISC

EPSS Score

20% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2019
Vulnerability Reserved
Sep 8, 2019