CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2017-1000002

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1430%
EPSS Percentile1.52th
Published2017年7月17日
Last Modified2026年5月13日

Vulnerability Description

ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure.

Affected Platforms (CPE)

📦
Atutor

Atutor

<= 2.2.1

References & Advisories

🔗 http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55
🔗 http://www.atutor.ca/atutor/mantis/view.php?id=5681
🔗 http://www.securityfocus.com/bid/99599
🔗 http://www.atutor.ca/atutor/mantis/changelog_page.php?version_id=55
🔗 http://www.atutor.ca/atutor/mantis/view.php?id=5681
🔗 http://www.securityfocus.com/bid/99599

相關漏洞威脅

CVE-2014-97539.8

confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the...

CVE-2016-25559.8

SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL ...

CVE-2019-161149.8

In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which a...

CVE-2017-10000039.8

ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application comp...