CyberSec.Space Logo
返回 CVE 浏览器

CVE-2016-2555

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0080%
EPSS Percentile11.45th
Published2017年4月13日
Last Modified2026年5月13日

Vulnerability Description

SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.

Affected Platforms (CPE)

📦
Atutor

Atutor

= 2.2.1

References & Advisories

🔗 http://sourceincite.com/research/src-2016-08/
🔗 http://www.rapid7.com/db/modules/exploit/multi/http/atutor_sqli
🔗 https://github.com/atutor/ATutor/commit/629b2c992447f7670a2fecc484abfad8c4c2d298
🔗 https://github.com/atutor/ATutor/commit/945a9dca01def8536516088da30fe6a4b7e9fa85
🔗 https://www.exploit-db.com/exploits/39514/
🔗 http://sourceincite.com/research/src-2016-08/
🔗 http://www.rapid7.com/db/modules/exploit/multi/http/atutor_sqli
🔗 https://github.com/atutor/ATutor/commit/629b2c992447f7670a2fecc484abfad8c4c2d298

相关漏洞威胁

CVE-2014-97539.8

confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the...

CVE-2017-10000029.8

ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component ...

CVE-2019-161149.8

In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which a...

CVE-2017-10000039.8

ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application comp...