ID CVE-2005-3404
Summary Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php.
References
Vulnerable Configurations
  • cpe:2.3:a:adaptive_technology_resource_centre:atutor:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:adaptive_technology_resource_centre:atutor:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adaptive_technology_resource_centre:atutor:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:adaptive_technology_resource_centre:atutor:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:adaptive_technology_resource_centre:atutor:1.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:adaptive_technology_resource_centre:atutor:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:adaptive_technology_resource_centre:atutor:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:adaptive_technology_resource_centre:atutor:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adaptive_technology_resource_centre:atutor:1.5.1_pl1:*:*:*:*:*:*:*
    cpe:2.3:a:adaptive_technology_resource_centre:atutor:1.5.1_pl1:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-10-2016 - 03:35)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 15221
bugtraq 20051027 Secunia Research: ATutor Multiple Vulnerabilities
misc http://secunia.com/secunia_research/2005-55/advisory/
osvdb
  • 20345
  • 20346
sectrack 1015165
secunia 16915
sreason 123
vupen ADV-2005-2228
Last major update 18-10-2016 - 03:35
Published 01-11-2005 - 12:47
Last modified 18-10-2016 - 03:35
Back to Top