VYPR
Unrated severityNVD Advisory· Published May 17, 2019· Updated Aug 4, 2024

CVE-2019-12170

CVE-2019-12170

Description

ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • ATutor/ATutordescription
  • Atutor/Atutorllm-fuzzy
    Range: <=2.2.4

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.