cvedb.io
CVE-2017-1000004
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2017-07-17T13:18:16.030 · Last modified 2026-06-17T00:58:34.240

Summary

ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend Search, Social Group Search, File Comment, Gradebook Test Title, User Group Membership, Inbox/Sent Items, Sent Messages, Links, Photo Album, Poll, Social Application, Social Profile, Test, Content Menu, Auto-Login, and Gradebook components resulting in information disclosure, database modification, or potential code execution.

Affected products

atutor — atutor

Does this affect you?

Add your gear to cvedb and we'll alert you only when atutor ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.