GCVE - cpe:2.3:a:adaptive_technology_resource_centre:atutor:1.4.2:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:adaptive_technology_resource_centre:atutor:1.4.2:*:*:*:*:*:*:*

part: a version: 1.4.2 update: *

Vendor	Adaptive Technology Resource Centre (`94088f96-8c62-59c6-b301-d7adf85e636d`)
Product	Atutor (`62bb5133-b69b-5c5f-b1d7-624741f12365`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/atutor/atutor_opencaps`	purl2cpe	2026-06-01 10:17:55.509691

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2006-3821`	vulnerable	2026-06-03 14:27:36.011407	Details available Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) month, and (4) day parameter in (b) registration.php. Published: 2006-07-25T00:00:00.000Z Updated: 2024-08-07T18:48:39.219Z Open on db.gcve.eu Reference links http://www.osvdb.org/displayvuln.php?osvdb_id=28187 https://exchange.xforce.ibmcloud.com/vulnerabilities/27619 http://www.securityfocus.com/archive/1/439873/100/100/threaded http://www.securityfocus.com/archive/1/439522 http://secunia.com/advisories/21008	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-3405`	not_vulnerable	2026-06-03 14:27:09.804927	Details available ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute arbitrary PHP functions via a direct request to forum.inc.php with a modified addslashes parameter with either the (1) asc or (2) desc parameters set, possibly due to an eval injection vulnerability. Published: 2005-11-01T11:00:00.000Z Updated: 2024-08-07T23:10:08.547Z Open on db.gcve.eu Reference links http://marc.info/?l=bugtraq&m=113043022821049&w=2 http://www.vupen.com/english/advisories/2005/2228 http://secunia.com/advisories/16915/ http://securityreason.com/securityalert/123 http://securitytracker.com/id?1015165	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-3404`	vulnerable	2026-06-03 14:27:09.804479	Details available Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php. Published: 2005-11-01T11:00:00.000Z Updated: 2024-08-07T23:10:08.468Z Open on db.gcve.eu Reference links http://marc.info/?l=bugtraq&m=113043022821049&w=2 http://www.vupen.com/english/advisories/2005/2228 http://secunia.com/advisories/16915/ http://www.osvdb.org/20346 http://www.osvdb.org/20345	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-3403`	vulnerable	2026-06-03 14:27:09.802488	Details available Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the _base_href parameter in translate.php, (2) the _base_path parameter in news.inc.php, and (3) the p parameter in add_note.php. Published: 2005-11-01T11:00:00.000Z Updated: 2024-08-07T23:10:08.316Z Open on db.gcve.eu Reference links http://marc.info/?l=bugtraq&m=113043022821049&w=2 http://www.vupen.com/english/advisories/2005/2228 http://secunia.com/advisories/16915/ http://www.osvdb.org/20348 http://www.osvdb.org/20349	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Atutor

PURL mappings

Vulnerability references

Contribute