17 Mai 2019
Vulnérabilité CVE-2019-12170 CVE Vulnerability
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. (CVSS:0.0) (Last Update:2019-05-17)
Vulnerability Details : ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. Publish Date : 2019-05-17 Last Update Date : 2019-05-17 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2019-12170
- References For CVE-2019-12170
| |||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2019-12170There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |