Unrated severityNVD Advisory· Published Jul 18, 2006· Updated Apr 16, 2026

CVE-2006-3662

Description

SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states "The mentioned SQL injection vulnerability is not possible." However, the relevant source code suggests that this issue may be legitimate, and the parameter is cleansed in 1.5.3.1

Affected products

Adaptive Technology Resource Centre/Atutor
cpe:2.3:a:adaptive_technology_resource_centre:atutor:1.5.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/bugtraq/2006-07/0096.htmlnvdExploit
www.securityfocus.com/bid/18898nvdExploit
www.osvdb.org/28188nvd
www.securityfocus.com/archive/1/439873/100/100/threadednvd
www.securityfocus.com/archive/1/440837/100/100/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/27620nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000