CVE-2006-3662
Adaptive Technology Resource Centre Atutor - SQL Injection
Title source: ruleDescription
SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states "The mentioned SQL injection vulnerability is not possible." However, the relevant source code suggests that this issue may be legitimate, and the parameter is cleansed in 1.5.3.1
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by securityconnection · textwebappsphp
https://www.exploit-db.com/exploits/28192
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27620
Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2006-07/0096.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/28188
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/18898
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/440837/100/100/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/439873/100/100/threaded
Scores
EPSS
0.0083
EPSS Percentile
74.5%
Details
Status
published
Products (1)
adaptive_technology_resource_centre/atutor
1.5.3
Published
Jul 18, 2006
Tracked Since
Feb 18, 2026