Vulnerability Description
Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2) req_lang parameter in documentation/common/search.php and (c) documentation/common/vitals.inc.php, the (3) row[dir_name] parameter in (d) include/classes/module/module.class.php, and the (4) lang_path parameter in (e) include/classes/phpmailer/class.phpmailer.php. NOTE: the print.php vector is already covered by CVE-2005-3404.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adaptive Technology Resource Centre | Atutor | 1.5.3.2 |
References
- http://securityreason.com/securityalert/1823
- http://www.securityfocus.com/archive/1/449233/100/200/threaded
- http://www.securityfocus.com/bid/20634
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29693
- http://securityreason.com/securityalert/1823
- http://www.securityfocus.com/archive/1/449233/100/200/threaded
- http://www.securityfocus.com/bid/20634
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29693
FAQ
What is CVE-2006-5734?
CVE-2006-5734 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.p...
How severe is CVE-2006-5734?
CVE-2006-5734 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5734?
Check the references section above for vendor advisories and patch information. Affected products include: Adaptive Technology Resource Centre Atutor.