Approved changes feed: RSS · Atom
cpe:2.3:a:adaptive_technology_resource_centre:atutor:1.5.1:*:*:*:*:*:*:*
part: a version: 1.5.1 update: *
| Vendor | Adaptive Technology Resource Centre (94088f96-8c62-59c6-b301-d7adf85e636d) |
|---|---|
| Product | Atutor (62bb5133-b69b-5c5f-b1d7-624741f12365) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/atutor/atutor_opencaps |
purl2cpe | 2026-06-01 10:17:55.511566 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2006-3821 |
vulnerable | 2026-06-03 14:27:36.011941 |
Details available
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) month, and (4) day parameter in (b) registration.php.
Published: 2006-07-25T00:00:00.000Z
Updated: 2024-08-07T18:48:39.219Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-3484 |
vulnerable | 2026-06-03 14:27:35.213628 |
Details available
Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a) admin/create_course.php, show_courses parameter to (b) users/create_course.php, (3) p parameter to (c) documentation/admin/, (4) forgot parameter to (d) password_reminder.php, (5) cat parameter to (e) users/browse.php, or the (6) submit parameter to admin/fix_content.php.
Published: 2006-07-10T20:00:00.000Z
Updated: 2024-08-07T18:30:33.915Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2005-3405 |
not_vulnerable | 2026-06-03 14:27:09.804963 |
Details available
ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute arbitrary PHP functions via a direct request to forum.inc.php with a modified addslashes parameter with either the (1) asc or (2) desc parameters set, possibly due to an eval injection vulnerability.
Published: 2005-11-01T11:00:00.000Z
Updated: 2024-08-07T23:10:08.547Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2005-3404 |
vulnerable | 2026-06-03 14:27:09.804515 |
Details available
Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php.
Published: 2005-11-01T11:00:00.000Z
Updated: 2024-08-07T23:10:08.468Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2005-3403 |
vulnerable | 2026-06-03 14:27:09.803488 |
Details available
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the _base_href parameter in translate.php, (2) the _base_path parameter in news.inc.php, and (3) the p parameter in add_note.php.
Published: 2005-11-01T11:00:00.000Z
Updated: 2024-08-07T23:10:08.316Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2005-2956 |
vulnerable | 2026-06-03 14:27:03.669897 |
Details available
ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files.
Published: 2005-09-16T04:00:00.000Z
Updated: 2024-08-07T22:53:29.938Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2005-2955 |
vulnerable | 2026-06-03 14:27:03.669633 |
Details available
config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executable extensions such as .inc, .php4, or others.
Published: 2005-09-16T04:00:00.000Z
Updated: 2024-08-07T22:53:29.875Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2005-2954 |
vulnerable | 2026-06-03 14:27:03.669363 |
Details available
SQL injection vulnerability in password_reminder.php in ATutor before 1.5.1 pl1 allows remote attackers to execute arbitrary SQL commands via the email field.
Published: 2005-09-16T04:00:00.000Z
Updated: 2024-08-07T22:53:29.657Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2005-2649 |
vulnerable | 2026-06-03 14:27:02.735857 |
Details available
Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php.
Published: 2005-08-21T04:00:00.000Z
Updated: 2024-08-07T22:45:01.636Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.