VYPR
Unrated severityNVD Advisory· Published Sep 16, 2005· Updated Jun 16, 2026

CVE-2005-2955

CVE-2005-2955

Description

config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executable extensions such as .inc, .php4, or others.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Atutor/Atutor2 versions
    cpe:2.3:a:adaptive_technology_resource_centre:atutor:1.5.1:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:adaptive_technology_resource_centre:atutor:1.5.1:*:*:*:*:*:*:*
    • (no CPE)range: <=1.5.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.