CVE-2014-9753

confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter.
Configurations

Configuration 1 (hide)

cpe:2.3:a:atutor:atutor:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:21

Type Values Removed Values Added
References () http://karmainsecurity.com/KIS-2015-06 - Exploit, Third Party Advisory () http://karmainsecurity.com/KIS-2015-06 - Exploit, Third Party Advisory
References () http://seclists.org/fulldisclosure/2015/Nov/11 - Exploit, Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2015/Nov/11 - Exploit, Mailing List, Third Party Advisory
References () http://update.atutor.ca/patch/2_2/2_2-6/patch.xml - Broken Link () http://update.atutor.ca/patch/2_2/2_2-6/patch.xml - Broken Link
References () http://www.securityfocus.com/archive/1/archive/1/536835/100/0/threaded - Broken Link () http://www.securityfocus.com/archive/1/archive/1/536835/100/0/threaded - Broken Link
References () https://github.com/atutor/ATutor/commit/950a0299954e69b8742cc1f1a632f564435d4d7d - Patch, Third Party Advisory () https://github.com/atutor/ATutor/commit/950a0299954e69b8742cc1f1a632f564435d4d7d - Patch, Third Party Advisory

Information

Published : 2020-02-11 18:15

Updated : 2024-11-21 02:21


NVD link : CVE-2014-9753

Mitre link : CVE-2014-9753

CVE.ORG link : CVE-2014-9753


JSON object : View

Products Affected

atutor

  • atutor
CWE
CWE-287

Improper Authentication