registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a vulnerability in ATutor.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.03174
Percentile: 0.8641

CVSS Scoring

Affected Products

• cpe:2.3:a:adaptive_technology_resource_centre:atutor:1.5.1_pl2:*:*:*:*:*:*:*

← Back to Home