Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Unrestricted file upload vulnerability in mods/_core/properties/lib/course.inc.php in ATutor before 2.2 patch 6 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension as a customicon for a new course, then accessing it via a direct request to the file in content/.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ATutor 输入验证漏洞
Vulnerability Description
ATutor是ATutor团队开发的一套开源的基于Web的学习内容管理系统(LCMS)。该系统包括教学内容管理、论坛、聊天室等模块。 ATutor 2.2 patch 6之前版本的mods/_core/properties/lib/course.inc.php脚本中存在任意文件上传漏洞。远程攻击者可通过上传带有PHP扩展的文件,然后发送直接的请求访问该文件利用该漏洞执行任意PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A