Description
ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files.
Exploits (1)
References (4)
Core 4
Core References
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/9
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112671176100432&w=2
Exploit, Vendor Advisory x_refsource_misc
http://rgod.altervista.org/atutor151.html
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/14832
Scores
EPSS
0.0525
EPSS Percentile
90.0%
Details
Status
published
Products (1)
adaptive_technology_resource_centre/atutor
1.5.1
Published
Sep 16, 2005
Tracked Since
Feb 18, 2026