CVE-2005-4155

ATutor 1.5.1 pl2 - SQL Injection

Title source: llm

Description

registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a vulnerability in ATutor.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1298

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://securitytracker.com/alerts/2005/Nov/1015166.html

[Exploit, Vendor Advisory] http://rgod.altervista.org/atutor151pl2.html

[Third Party Advisory, VDB Entry] http://www.osvdb.org/20851

[Exploit] http://www.securityfocus.com/bid/15355/

Scores

EPSS 0.0317

EPSS Percentile 87.0%

Details

Status published

Products (1)

adaptive_technology_resource_centre/atutor 1.5.1_pl2

Published Dec 11, 2005

Tracked Since Feb 18, 2026