You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have found an issue with ATutor 2.2.4 and prior that allows users to upload arbitrary files and can result in remote code execution. The specific method that I have found uses the instructor account and the Backup function. https://github.com/fuzzlove/ATutor-Instructor-Backup-Arbitrary-File I realize there is a similar issue in CVE-2019-11446 but I just wanted to make sure that you are aware.
Best regards
The text was updated successfully, but these errors were encountered:
fuzzlove
changed the title
ATutor Backup Arbitrary FIle uploads
ATutor Backup Arbitrary File uploads
May 13, 2019
Dear ATutor,
I have found an issue with ATutor 2.2.4 and prior that allows users to upload arbitrary files and can result in remote code execution. The specific method that I have found uses the instructor account and the Backup function. https://github.com/fuzzlove/ATutor-Instructor-Backup-Arbitrary-File I realize there is a similar issue in CVE-2019-11446 but I just wanted to make sure that you are aware.
Best regards
The text was updated successfully, but these errors were encountered: