VYPR
Unrated severity · NVD Advisory · Published Nov 1, 2005 · Updated Jun 16, 2026

CVE-2005-3405

Description

ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute arbitrary PHP functions via a direct request to forum.inc.php with a modified addslashes parameter with either the (1) asc or (2) desc parameters set, possibly due to an eval injection vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Vulnerability mechanics

Root cause

"Unverified input passed to the addslashes, asc, and desc parameters in forum.inc.php is used to construct a function call, resulting in an eval injection vulnerability."

Attack vector

An attacker sends a crafted HTTP request to `include/html/forum.inc.php` with the `addslashes` parameter set to a PHP function name (e.g., `exec`) and either the `asc` or `desc` parameter set to an argument for that function. This allows arbitrary PHP function execution, such as running shell commands. Successful exploitation requires that `register_globals` is enabled [ref_id=1].
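A detection sketch for the request shape described above, added here as an example and not taken from the advisory or from ATutor: it scans web-server access-log lines for direct requests to `forum.inc.php` and grades them by which of the named parameters are present. The function names `classify` and `scan`, the verdict labels, the common/combined log format and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path and parameter names are taken from the advisory text.
TARGET_PATH = "include/html/forum.inc.php"
FUNC_PARAM = "addslashes"
ARG_PARAMS = {"asc", "desc"}

# Client address and request URI from a common/combined-format log line (assumed format).
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Nov/2005:10:00:00 +0000] "GET /ATutor/ HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Nov/2005:10:00:05 +0000] "GET /ATutor/include/html/forum.inc.php?addslashes=exec&asc=x HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Nov/2005:10:00:09 +0000] "GET /ATutor/include/html/forum.inc.php?%61ddslashes=exec&desc%5B%5D=x HTTP/1.1" 200 312',
    '203.0.113.4 - - [01/Nov/2005:10:01:00 +0000] "GET /ATutor/include/html/forum.inc.php HTTP/1.1" 200 0',
]

def classify(line):
    """Return (client, verdict) for one log line, or None if it is unrelated."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, uri = m.groups()
    parts = urlsplit(uri)
    # Decode the path so percent-encoded spellings of the file name still match.
    if TARGET_PATH not in unquote(parts.path).lower():
        return None
    # parse_qs percent-decodes names; strip PHP array syntax (asc[]=) from them.
    names = {k.split("[")[0].lower()
             for k in parse_qs(parts.query, keep_blank_values=True)}
    if FUNC_PARAM in names and names & ARG_PARAMS:
        return client, "match"           # parameter combination the advisory describes
    if FUNC_PARAM in names:
        return client, "param-only"      # addslashes supplied without asc/desc
    return client, "direct-request"      # include file requested directly

def scan(lines):
    """Classify every line and keep only those that touch the include file."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for client, verdict in scan(SAMPLE_LOG):
        print(client, verdict)
```

Access logs record only the request line, so this covers parameters sent in the query string; values sent in a request body are not visible to it.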

Affected code

The vulnerability resides in `include/html/forum.inc.php`. The `addslashes`, `asc`, and `desc` parameters are not properly verified before being used to construct a function call, leading to arbitrary PHP function execution [ref_id=1].

What the fix does

The advisory states that the vendor released a patch (http://atutor.ca/view/3/6158/1.html) and that the fix would be included in version 1.5.2. The patch likely adds proper input validation or sanitization for the `addslashes`, `asc`, and `desc` parameters in `forum.inc.php` to prevent them from being used to construct arbitrary function calls [ref_id=1].

Preconditions

  • config: PHP register_globals must be enabled
  • network: Network access to the vulnerable ATutor instance
  • auth: No authentication required

Generated on Jun 17, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

8
