Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

Educational

ATutor

ATutor is an Open Source Web-based Learning Management System (LMS) used to develop and deliver online courses. Administrators can install or update ATutor in minutes develop custom themes to give ATutor a new look and easily extend its functionality with feature modules. Educators can quickly assemble package and redistribute Web-based instructional content easily import prepackaged content

Official Site:

http://www.atutor.ca/

Severity Summary:

Critical: 6 High: 7 Medium: 13 Low: 2
Reference
Title
Severity
CVE-2019-16114
ATutor Incorrect Authorization Vulnerability
Critical
CVE-2017-1000004
ATutor Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2016-2555
ATutor Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2017-1000002
ATutor Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Critical
CVE-2017-1000003
ATutor Improper Privilege Management Vulnerability
Critical
CVE-2014-9753
ATutor Improper Authentication Vulnerability
Critical
CVE-2016-10400
ATutor Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2021-43498
ATutor Weak Password Recovery Mechanism for Forgotten Password Vulnerability
High
CVE-2019-11446
ATutor Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2019-12170
ATutor Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2016-2539
ATutor Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2015-1583
ATutor Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2019-12169
ATutor Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2012-6528
ATutor Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-23341
ATutor Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2008-0828
ATutor Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2008-3368
ATutor Improper Control of Generation of Code (Code Injection) Vulnerability
Medium
CVE-2011-3706
ATutor Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2015-7712
ATutor Other Vulnerability
Medium
CVE-2014-9752
ATutor Other Vulnerability
Medium
CVE-2017-14981
ATutor Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2015-7711
ATutor Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2015-6521
ATutor Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2017-6483
ATutor Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-7172
ATutor Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-27008
ATutor Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2014-2091
ATutor Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Low
CVE-2010-0971
ATutor Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Low