CVE-2006-3996

ATutor < 1.5.3.1 - Authenticated SQL Injection via Desc or Asc Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3996. PoCs published by rgod.

AI-analyzed exploit summary This exploit leverages a blind SQL injection vulnerability in ATutor <= 1.5.3.1 via the 'links' module, allowing an attacker to disclose admin credentials by manipulating the ORDER BY clause in SQL queries.

Description

SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED
by rgod · phpwebappsphp
https://www.exploit-db.com/exploits/2088

This exploit leverages a blind SQL injection vulnerability in ATutor <= 1.5.3.1 via the 'links' module, allowing an attacker to disclose admin credentials by manipulating the ORDER BY clause in SQL queries.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: ATutor <= 1.5.3.1
Auth required
Prerequisites: Valid user account credentials · MySQL >= 4.1 · At least two links in the at_links table
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10
Core References
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21308
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1330
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19232
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28082
Various Sources x_refsource_misc
http://atutor.ca/news.php#010806
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3074
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/27665
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/441711/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2088

Scores

EPSS 0.0167
EPSS Percentile 73.7%

Details

Status published
Products (1)
adaptive_technology_resource_centre/atutor < 1.5.3.1
Published Aug 05, 2006
Tracked Since Feb 18, 2026