Critical severity9.8NVD Advisory· Published Apr 13, 2017· Updated May 13, 2026

CVE-2016-2555

Description

SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/atutor/ATutor/commit/629b2c992447f7670a2fecc484abfad8c4c2d298nvdPatchThird Party Advisory
github.com/atutor/ATutor/commit/945a9dca01def8536516088da30fe6a4b7e9fa85nvdPatchThird Party Advisory
sourceincite.com/research/src-2016-08/nvdExploitThird Party AdvisoryURL Repurposed
www.rapid7.com/db/modules/exploit/multi/http/atutor_sqlinvdThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/39514/nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.065
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000