Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution. This occurs because install/include/header.php does not restrict certain changes (to db_host, db_login, db_password, and content_dir) within install/include/step5.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ATutor 访问控制错误漏洞
Vulnerability Description
ATutor是ATutor团队的一套开源的基于Web的学习内容管理系统(LCMS)。该系统包括教学内容管理、论坛、聊天室等模块。 ATutor 2.2.4版本中存在安全漏洞,该漏洞源于install/include/header.php文件没有限制在install/include/step5.php文件中的一些修改操作。攻击者可利用该漏洞修改应用程序设置,使该应用程序使用其制作的数据库,进而获取应用应程序的访问权限,执行代码。
CVSS Information
N/A
Vulnerability Type
N/A