QwikSec

Security Database

CVE

CWE

Training

CVE-2015-1583

Published: Mar 2, 2020

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/_core/users/admins/create.php or (2) create a user account via a request to mods/_core/users/create_user.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://packetstormsecurity.com/files/130598/ATutor-LCMS-2.2-Cross-Site-Request-Forgery.html

x_refsource_MISC

vdb-entry

x_refsource_BID

https://github.com/atutor/ATutor/commit/068b8aa37f24645c62235018fb8da340f60e2d18

x_refsource_CONFIRM

https://github.com/atutor/ATutor/commit/0ee827317e497f1db86ddc5080b8af461e4595ce

x_refsource_CONFIRM

https://github.com/atutor/ATutor/commit/af519cfb56da7312eecbb5812484fcbce08e4419

x_refsource_CONFIRM

https://edricteo.com/cve-2015-1583-atutor-lcms-csrf-vulnerability/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.