CVE-2017-1000004

ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend Search, Social Group Search, File Comment, Gradebook Test Title, User Group Membership, Inbox/Sent Items, Sent Messages, Links, Photo Album, Poll, Social Application, Social Profile, Test, Content Menu, Auto-Login, and Gradebook components resulting in information disclosure, database modification, or potential code execution.
Configurations

Configuration 1 (hide)

cpe:2.3:a:atutor:atutor:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:03

Type Values Removed Values Added
References () http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55 - Vendor Advisory () http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55 - Vendor Advisory
References () http://www.atutor.ca/atutor/mantis/view.php?id=5681 - Permissions Required () http://www.atutor.ca/atutor/mantis/view.php?id=5681 - Permissions Required
References () http://www.securityfocus.com/bid/99599 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/99599 - Third Party Advisory, VDB Entry

Information

Published : 2017-07-17 13:18

Updated : 2024-11-21 03:03


NVD link : CVE-2017-1000004

Mitre link : CVE-2017-1000004

CVE.ORG link : CVE-2017-1000004


JSON object : View

Products Affected

atutor

  • atutor
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')