Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3662


Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3662
Last Modified 05 Sep 2008 05:07:43
Published 18 Jul 2006 11:47:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



** DISPUTED ** SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states "The mentioned SQL injection vulnerability is not possible." However, the relevant source code suggests that this issue may be legitimate, and the parameter is cleansed in

Vulnerable Systems


  • Adaptive Technology Resource Centre Atutor 1.5.3


XF - atutor-index-sql-injection(27620)

BID - 18898

BUGTRAQ - 20060711 Re: ATutor 1.5.3 Cross Site Scripting

BUGTRAQ - 20060708 ATutor 1.5.3 Cross Site Scripting

BUGTRAQ - 20060721 Re: ATutor 1.5.3 Cross Site Scripting

OSVDB - 28188

Last Updated: 27 May 2016 10:43:05