ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure.
References
Link | Resource |
---|---|
http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55 | Vendor Advisory |
http://www.atutor.ca/atutor/mantis/view.php?id=5681 | Permissions Required |
http://www.securityfocus.com/bid/99599 | Third Party Advisory VDB Entry |
http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55 | Vendor Advisory |
http://www.atutor.ca/atutor/mantis/view.php?id=5681 | Permissions Required |
http://www.securityfocus.com/bid/99599 | Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 03:03
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55 - Vendor Advisory | |
References | () http://www.atutor.ca/atutor/mantis/view.php?id=5681 - Permissions Required | |
References | () http://www.securityfocus.com/bid/99599 - Third Party Advisory, VDB Entry |
Information
Published : 2017-07-17 13:18
Updated : 2024-11-21 03:03
NVD link : CVE-2017-1000002
Mitre link : CVE-2017-1000002
CVE.ORG link : CVE-2017-1000002
JSON object : View
Products Affected
atutor
- atutor
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')