CVE-2016-2539 in ATutorinfo

Summary

Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

02/23/2016

Disclosure

02/07/2017

Moderation

VulDB entry created

Entries

VDB-96596 (1)

CPE

ready

CWE

CWE-352 (Confirmed)

Exploit

Download

CVSS

6.5

EPSS

0.00082

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-2539
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-2539
CVE Details	https://www.cvedetails.com/cve/CVE-2016-2539/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!