VYPR
Unrated severityNVD Advisory· Published Jun 3, 2019· Updated Aug 4, 2024

CVE-2019-12169

CVE-2019-12169

Description

ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • ATutor/ATutordescription
  • Atutor/Atutorllm-fuzzy
    Range: = 2.2.4

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.