ID de Prueba:	1.3.6.1.4.1.25623.1.0.19765
Categoría:	Web application abuses
Título:	ATutor password reminder SQL injection
Resumen:	The remote version of ATutor contains an input validation flaw in; the 'password_reminder.php' script. This vulnerability occurs only when 'magic_quotes_gpc' is set to; off in the 'php.ini' configuration file.
Descripción:	Summary: The remote version of ATutor contains an input validation flaw in the 'password_reminder.php' script. This vulnerability occurs only when 'magic_quotes_gpc' is set to off in the 'php.ini' configuration file. Vulnerability Impact: A malicious user can exploit this flaw to manipulate SQL queries and steal any user's password. Solution: Upgrade to ATutor 1.5.1 pl1 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2954 BugTraq ID: 14831 http://www.securityfocus.com/bid/14831 Bugtraq: 20050914 ATutor 1.5.1 SQL Injection / Admin credentials disclosure / Information disclosure / User impersonation / Remote code execution (Google Search) http://marc.info/?l=bugtraq&m=112671176100432&w=2 http://rgod.altervista.org/atutor151.html http://www.osvdb.org/19411 http://secunia.com/advisories/16813/ http://www.vupen.com/english/advisories/2005/1751 XForce ISS Database: atutor-passwordreminder-sql-injection(22282) https://exchange.xforce.ibmcloud.com/vulnerabilities/22282
Copyright	Copyright (C) 2005 Josh Zlatin-Amishav

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.