Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3368

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2008-3368
Last Modified 07 Mar 2011 10:10:40
Published 30 Jul 2008 01:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-3368

Summary

PHP remote file inclusion vulnerability in tools/packages/import.php in ATutor 1.6.1 pl1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via a URL in the type parameter.

Vulnerable Systems

Application

  • Atutor 0.9.6

  • Atutor 0.9.7

  • Atutor 1.0

  • Atutor 1.2.1

  • Atutor 1.2.2

  • Atutor 1.3

  • Atutor 1.3.1

  • Atutor 1.3.2

  • Atutor 1.3.3

  • Atutor 1.4

  • Atutor 1.4.1

  • Atutor 1.4.2

  • Atutor 1.4.3

  • Atutor 1.5.1

  • Atutor 1.5.2

  • Atutor 1.5.3

  • Atutor 1.5.3.1

  • Atutor 1.5.3.2

  • Atutor 1.5.4

  • Atutor 1.5.5

  • Atutor 1.6

  • Atutor 1.6.1


References

XF - atutor-import-file-include(44051)

VUPEN - ADV-2008-2206

BID - 30412

MILW0RM - 6153

SREASON - 4064

SECUNIA - 31274


Last Updated: 27 May 2016 10:48:10