TROYANOSYVIRUS
Volver a CVEs

CVE-2016-2555

N/A

Descripcion

SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.

Detalles CVE

Puntuacion CVSS v3.1N/A
Publicado4/13/2017
Ultima modificacion4/20/2025
Fuentenvd
Avistamientos honeypot0

Productos afectados

atutor:atutor

Debilidades (CWE)

CWE-89

Referencias

http://sourceincite.com/research/src-2016-08/(cve@mitre.org)
http://www.rapid7.com/db/modules/exploit/multi/http/atutor_sqli(cve@mitre.org)
https://github.com/atutor/ATutor/commit/629b2c992447f7670a2fecc484abfad8c4c2d298(cve@mitre.org)
https://github.com/atutor/ATutor/commit/945a9dca01def8536516088da30fe6a4b7e9fa85(cve@mitre.org)
https://www.exploit-db.com/exploits/39514/(cve@mitre.org)
http://sourceincite.com/research/src-2016-08/(af854a3a-2127-422b-91ae-364da2661108)
http://www.rapid7.com/db/modules/exploit/multi/http/atutor_sqli(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/atutor/ATutor/commit/629b2c992447f7670a2fecc484abfad8c4c2d298(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/atutor/ATutor/commit/945a9dca01def8536516088da30fe6a4b7e9fa85(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/39514/(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.