TTCSIRT-347.08.28.20: TT-CSIRT ADVISORY – Atutor SQL Injection

TTCSIRT-347.08.28.20: TT-CSIRT ADVISORY – Atutor SQL Injection

An SQL injection vulnerability exists in ATutor. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system.

This module exploits a SQL Injection vulnerability and an authentication weakness vulnerability in ATutor. This essentially means an attacker can bypass authentication and reach the administrator’s interface where they can upload malicious code.

Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands.

For further information and support foe solution, please visit the following link:
https://www.checkpoint.com/defense/advisories/public/2020/cpai-2016-0977.html

If you have any queries or comments with regards to this advisory, please feel free to contact TTCSIRT via contacts@ttcsirt.gov.tt