Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Atutor | Atutor | <= 2.2.1 |
Related Weaknesses (CWE)
References
- https://github.com/atutor/ATutor/commit/bfc6c80c6c217c5515172f3cc949e13dfa1a92acPatchVendor Advisory
- https://packetstormsecurity.com/files/136109/ATutor-LMS-2.2.1-CSRF-Remote-Code-EExploitPatchThird Party Advisory
- https://www.exploit-db.com/exploits/39524/
- https://github.com/atutor/ATutor/commit/bfc6c80c6c217c5515172f3cc949e13dfa1a92acPatchVendor Advisory
- https://packetstormsecurity.com/files/136109/ATutor-LMS-2.2.1-CSRF-Remote-Code-EExploitPatchThird Party Advisory
- https://www.exploit-db.com/exploits/39524/
FAQ
What is CVE-2016-2539?
CVE-2016-2539 is a vulnerability with a CVSS score of 8.8 (HIGH). Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and...
How severe is CVE-2016-2539?
CVE-2016-2539 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-2539?
Check the references section above for vendor advisories and patch information. Affected products include: Atutor Atutor.