CVE-2006-3996

Adaptive Technology Resource Centre Atutor < 1.5.3.1 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/2088

View Code ZIP pw:eip

References (10)

[Exploit] http://retrogod.altervista.org/atutor_1531_sql.html

[Patch, Vendor Advisory] http://secunia.com/advisories/21308

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/28082

[Various Sources] http://atutor.ca/news.php#010806

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/441711/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/19232

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/2088

[Third Party Advisory, VDB Entry] http://www.osvdb.org/27665

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/3074

[Third Party Advisory] http://securityreason.com/securityalert/1330

Scores

EPSS 0.0317

EPSS Percentile 87.0%

Details

Status published

Products (1)

adaptive_technology_resource_centre/atutor < 1.5.3.1

Published Aug 05, 2006

Tracked Since Feb 18, 2026