CVE-2016-2555

N/A

Description

SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.

CVE Details

CVSS v3.1 ScoreN/A

Published4/13/2017

Last Modified4/20/2025

Sourcenvd

Honeypot Sightings0

Affected Products

atutor:atutor

Weaknesses (CWE)

CWE-89

References

http://sourceincite.com/research/src-2016-08/(cve@mitre.org)

http://www.rapid7.com/db/modules/exploit/multi/http/atutor_sqli(cve@mitre.org)

https://github.com/atutor/ATutor/commit/629b2c992447f7670a2fecc484abfad8c4c2d298(cve@mitre.org)

https://github.com/atutor/ATutor/commit/945a9dca01def8536516088da30fe6a4b7e9fa85(cve@mitre.org)

https://www.exploit-db.com/exploits/39514/(cve@mitre.org)

http://sourceincite.com/research/src-2016-08/(af854a3a-2127-422b-91ae-364da2661108)

http://www.rapid7.com/db/modules/exploit/multi/http/atutor_sqli(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/atutor/ATutor/commit/629b2c992447f7670a2fecc484abfad8c4c2d298(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/atutor/ATutor/commit/945a9dca01def8536516088da30fe6a4b7e9fa85(af854a3a-2127-422b-91ae-364da2661108)

https://www.exploit-db.com/exploits/39514/(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.