CVE-2006-3662

SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states "The mentioned SQL injection vulnerability is not possible." However, the relevant source code suggests that this issue may be legitimate, and the parameter is cleansed in 1.5.3.1

Published: Jul 18, 2006
Updated: Nov 8, 2023
CVE: CVE-2006-3662
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
adaptive_technology_resource_centre / atutor	1.5.3	1.5.3.x

http://archives.neohapsis.com/archives/bugtraq/2006-07/0096.html
http://www.osvdb.org/28188
http://www.securityfocus.com/archive/1/439873/100/100/threaded
http://www.securityfocus.com/archive/1/440837/100/100/threaded
http://www.securityfocus.com/bid/18898
https://exchange.xforce.ibmcloud.com/vulnerabilities/27620

Vulnerability Database

289,784

CVE-2006-3662