![]() Vulnerability discovered by Egidio Romano. Has assigned the name CVE-2014-9753 to this vulnerability. SRC Commvault CommCell CVSearchService Authentication Bypass Vulnerability. ![]() The Common Vulnerabilities and Exposures project ( ) Cross-site request forgery (CSRF) vulnerability in installmodules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file. To make full use of and derive benefit from (a resource). – Vendor notified about incompleteness of the patch – Vendor response stating this issue will be patched right away Successful exploitation of this vulnerability might allow an attacker to access the application with the most privileged user, leading to achieve arbitrary PHP code execution by leveraging further vulnerabilities. However, its “auto-login” feature uses the same session variables used to authenticate the user in the whole application, and this might enable unauthenticated attackers to bypass the authentication mechanism and impersonate legitimate users by simply knowing their user IDs. This script is intended to be used for the account confirmation. the open-source learning management system ATutor (and was. $row = queryDB($sql, array(TABLE_PREFIX, $_REQUEST), TRUE) In order to put teachers in condition to exploit the synergy of working with. $sql = "SELECT M.member_id, M.login, M.preferences, M.language FROM %smembers M WHERE M.member_id=%d" The vulnerable code is located in the /confirm.php script: if (isset($_REQUEST)) Theese issues can be exploited to execute arbitrary HTML and script code in a. On the web application, a blacklist verification is performed before extraction, however it is not sufficient to prevent exploitation. ATutor <= 2.2 (confirm.php) Session Variable Overloading Vulnerability ATutor is an Open Source Web-based Learning Content Management System. This module exploits a directory traversal vulnerability in ATutor on an Apache/PHP setup with displayerrors set to On, which can be used to allow us to upload a malicious ZIP file.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |