TTCSIRT-347.08.28.20: TT-CSIRT ADVISORY – Atutor SQL Injection
An SQL injection vulnerability exists in ATutor. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system.
This module exploits a SQL Injection vulnerability and an authentication weakness vulnerability in ATutor. This essentially means an attacker can bypass authentication and reach the administrator’s interface where they can upload malicious code.
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands.
For further information and support foe solution, please visit the following link:
If you have any queries or comments with regards to this advisory, please feel free to contact TTCSIRT via firstname.lastname@example.org