CVE-2014-9752

Unrestricted file upload vulnerability in mods/_core/properties/lib/course.inc.php in ATutor before 2.2 patch 6 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension as a customicon for a new course, then accessing it via a direct request to the file in content/.
Configurations

Configuration 1 (hide)

cpe:2.3:a:atutor:atutor:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:21

Type Values Removed Values Added
References () http://karmainsecurity.com/KIS-2015-05 - () http://karmainsecurity.com/KIS-2015-05 -
References () http://packetstormsecurity.com/files/134215/ATutor-2.2-File-Upload.html - () http://packetstormsecurity.com/files/134215/ATutor-2.2-File-Upload.html -
References () http://seclists.org/fulldisclosure/2015/Nov/10 - () http://seclists.org/fulldisclosure/2015/Nov/10 -
References () http://update.atutor.ca/patch/2_2/2_2-6/patch.xml - () http://update.atutor.ca/patch/2_2/2_2-6/patch.xml -
References () http://www.securityfocus.com/archive/1/536834/100/0/threaded - () http://www.securityfocus.com/archive/1/536834/100/0/threaded -

Information

Published : 2015-11-16 19:59

Updated : 2024-11-21 02:21


NVD link : CVE-2014-9752

Mitre link : CVE-2014-9752

CVE.ORG link : CVE-2014-9752


JSON object : View

Products Affected

atutor

  • atutor