ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure.
References
Link | Resource |
---|---|
http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55 | Vendor Advisory |
http://www.atutor.ca/atutor/mantis/view.php?id=5681 | Permissions Required |
http://www.securityfocus.com/bid/99599 | Third Party Advisory VDB Entry |
Configurations
History
No history.
Information
Published : 2017-07-17 13:18
Updated : 2024-02-28 16:04
NVD link : CVE-2017-1000002
Mitre link : CVE-2017-1000002
CVE.ORG link : CVE-2017-1000002
JSON object : View
Products Affected
atutor
- atutor
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')