CVE-2012-5167
ATutor AContent <1.2 - SQL Injection
Title source: llmDescription
Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to execute arbitrary SQL commands via the (1) field parameter to course_category/index_inline_editor_submit.php or (2) user/index_inline_editor_submit.php; or (3) id parameter to user/user_password.php.
Exploits (1)
References (10)
Scores
EPSS
0.0132
EPSS Percentile
80.0%
Details
CWE
CWE-89
Status
published
Products (1)
atutor/acontent
< 1.2
Published
Oct 22, 2012
Tracked Since
Feb 18, 2026