N/A

ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.

N/A

N/A

ATutor 代码问题漏洞

ATutor是ATutor团队的一套开源的基于Web的学习内容管理系统（LCMS）。该系统包括教学内容管理、论坛、聊天室等模块。 ATutor 2.2.4及之前版本中存在任意文件上传漏洞。攻击者可借助备份组件利用该漏洞执行命令。

N/A

N/A