VYPR
Unrated severityOSV Advisory· Published Apr 22, 2019· Updated Aug 4, 2024

CVE-2019-11446

CVE-2019-11446

Description

An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user privilege. The Upload Files section in the File Manager field contains an arbitrary file upload vulnerability via upload.php. The $IllegalExtensions value only lists lowercase (and thus .phP is a bypass), and omits .shtml and .phtml.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Atutor/AtutorOSV2 versions
    atutor_1_4_2, atutor_1_5, atutor_1_5_1, …+ 1 more
    • (no CPE)range: atutor_1_4_2, atutor_1_5, atutor_1_5_1, …
    • (no CPE)range: <=2.2.4

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.