CVE-2019-12169

Published
View on NVD ↗
CVSS v3
8.8
HIGH
CVSS v2
6.8
MEDIUM
Affected
1
PROJECT

Description

ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component.

fuzzlove/ATutor-2.2.4-Language-Exploit
fuzzlove/ATutor-2.2.4-Language-Exploit
ATutor 2.2.4 Arbitrary File Upload / RCE (CVE-2019-12169)
GitHubGitHub
3