CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2014-9753

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1010%
EPSS Percentile26.04th
Published2020年2月11日
Last Modified2024年11月21日

Vulnerability Description

confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter.

Affected Platforms (CPE)

📦
Atutor

Atutor

<= 2.2

References & Advisories

🔗 http://karmainsecurity.com/KIS-2015-06
🔗 http://seclists.org/fulldisclosure/2015/Nov/11
🔗 http://update.atutor.ca/patch/2_2/2_2-6/patch.xml
🔗 http://www.securityfocus.com/archive/1/archive/1/536835/100/0/threaded
🔗 https://github.com/atutor/ATutor/commit/950a0299954e69b8742cc1f1a632f564435d4d7d
🔗 http://karmainsecurity.com/KIS-2015-06
🔗 http://seclists.org/fulldisclosure/2015/Nov/11
🔗 http://update.atutor.ca/patch/2_2/2_2-6/patch.xml

相關漏洞威脅

CVE-2016-25559.8

SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL ...

CVE-2017-10000029.8

ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component ...

CVE-2019-161149.8

In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which a...

CVE-2017-10000039.8

ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application comp...