CyberSec.Space Logo
Back to CVE Browser

CVE-2017-1000002

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1430%
EPSS Percentile1.52th
PublishedJul 17, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure.

Affected Platforms (CPE)

πŸ“¦
Atutor

Atutor

<= 2.2.1

References & Advisories

πŸ”— http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55
πŸ”— http://www.atutor.ca/atutor/mantis/view.php?id=5681
πŸ”— http://www.securityfocus.com/bid/99599
πŸ”— http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55
πŸ”— http://www.atutor.ca/atutor/mantis/view.php?id=5681
πŸ”— http://www.securityfocus.com/bid/99599

Related Vulnerabilities

CVE-2014-97539.8

confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the...

CVE-2016-25559.8

SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL ...

CVE-2019-161149.8

In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which a...

CVE-2017-10000039.8

ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application comp...