Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5167

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-5167
Last Modified 10 Apr 2013 11:31:35
Published 22 Oct 2012 07:55:09
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5167

Summary

Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to execute arbitrary SQL commands via the (1) field parameter to course_category/index_inline_editor_submit.php or (2) user/index_inline_editor_submit.php; or (3) id parameter to user/user_password.php.

Vulnerable Systems

Application

  • Atutor Acontent 1.2


References

MISC - https://www.htbridge.com/advisory/HTB23117

XF - acontent-field-id-sql-injection(79460)

XF - acontent-field-sql-injection(79459)

BID - 56100

CONFIRM - http://update.atutor.ca/acontent/patch/1_2/

SECUNIA - 51034

SECUNIA - 51014

BUGTRAQ - 20121017 Multiple vulnerabilities in AContent

OSVDB - 86425

OSVDB - 86424


Last Updated: 27 May 2016 11:01:09