ATutor Backup Arbitrary File uploads
fuzzlove opened this issue · 3 comments
fuzzlove commented
Dear ATutor,
I have found an issue with ATutor 2.2.4 and prior that allows users to upload arbitrary files and can result in remote code execution. The specific method that I have found uses the instructor account and the Backup function: https://github.com/fuzzlove/ATutor-Instructor-Backup-Arbitrary-File

I realize there is a similar issue in CVE-2019-11446, but I just wanted to make sure that you are aware.
Best regards
fuzzlove commented
atutor commented
Thanks all. ATutor is no longer being maintained, but we’ll take pull requests to patch issues,