Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states "The mentioned SQL injection vulnerability is not possible." However, the relevant source code suggests that this issue may be legitimate, and the parameter is cleansed in 1.5.3.1
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Atutor 'index.php' SQL注入漏洞
Vulnerability Description
** 有争议 ** ATutor 1.5.3中的index.php存在SQL注入漏洞,远程攻击者可以通过fid参数来执行任意SQL命令。注: 厂商对此提出反驳,声称"所提到的SQL注入漏洞是不可能的。"但是,相关源代码显示此问题可能是真实的,而该参数在1.5.3.1中得到了清理。
CVSS Information
N/A
Vulnerability Type
N/A