ATutor Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2017-1000004

ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox BasicLTI Blog Post Blog Group Course Email Course Alumni Course Enrolment Group Membership Course unenrolment Course Enrolment List Search Glossary Social Group Member Search Social Friend Search Social Group Search File Comment Gradebook Test Title User Group Membership Inbox/Sent Items Sent Messages Links Photo Album Poll Social Application Social Profile Test Content Menu Auto-Login and Gradebook components resulting in information disclosure database modification or potential code execution.