ATutor 2.2.4 Arbitrary File Upload / RCE (CVE-2019-12169)

Exploit Title: ATutor 2.2.4 Arbitrary File Upload / RCE [CVE-2019-12169]
Date: 5/24/19
Exploit Author: liquidsky (JMcPeters)
Vendor Homepage: https://atutor.github.io/
Software Link: https://sourceforge.net/projects/atutor/files/latest/download
Version: 2.2.4
Tested on: Windows 8 / Apache / MySQL (XAMPP)
CVE : CVE-2019-12169 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12169
Author Site: http://incidentsecurity.com | https://github.com/fuzzlove

Description: ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component.

Greetz: wetw0rk, offsec ^^

Notes: This application is no longer being maintained so there is no fix for this issue.

update: if you wish to test this manually I have included the poc.zip for a better understanding.

CVE-2019-12170: https://github.com/fuzzlove/ATutor-Instructor-Backup-Arbitrary-File
CVE-2019-12169: https://github.com/fuzzlove/ATutor-2.2.4-Language-Exploit

Name		Name	Last commit message	Last commit date
Latest commit History 15 Commits
README.md		README.md
atutor-upload-rce.py		atutor-upload-rce.py
poc.zip		poc.zip

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

atutor-upload-rce.py

atutor-upload-rce.py

poc.zip

poc.zip

Repository files navigation

ATutor 2.2.4 Arbitrary File Upload / RCE (CVE-2019-12169)

About

Releases

Packages

Languages

fuzzlove/ATutor-2.2.4-Language-Exploit

Folders and files

Latest commit

History

Repository files navigation

ATutor 2.2.4 Arbitrary File Upload / RCE (CVE-2019-12169)

About

Topics

Resources

Stars

Watchers

Forks

Languages