Vulnerability Description
SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states "The mentioned SQL injection vulnerability is not possible." However, the relevant source code suggests that this issue may be legitimate, and the parameter is cleansed in 1.5.3.1
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adaptive Technology Resource Centre | Atutor | 1.5.3 |
References
- http://archives.neohapsis.com/archives/bugtraq/2006-07/0096.htmlExploit
- http://www.osvdb.org/28188
- http://www.securityfocus.com/archive/1/439873/100/100/threaded
- http://www.securityfocus.com/archive/1/440837/100/100/threaded
- http://www.securityfocus.com/bid/18898Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27620
- http://archives.neohapsis.com/archives/bugtraq/2006-07/0096.htmlExploit
- http://www.osvdb.org/28188
- http://www.securityfocus.com/archive/1/439873/100/100/threaded
- http://www.securityfocus.com/archive/1/440837/100/100/threaded
- http://www.securityfocus.com/bid/18898Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27620
FAQ
What is CVE-2006-3662?
CVE-2006-3662 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states "...
How severe is CVE-2006-3662?
CVE-2006-3662 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3662?
Check the references section above for vendor advisories and patch information. Affected products include: Adaptive Technology Resource Centre Atutor.