CVE-2016-2555

SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands…

mitre·CWE-89·Published 2017-04-13

CVSS

—

EPSS

0.80

KEV

Exploits

cve.orgen

189 chars

SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.

NVDen

189 chars

SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.

NVDes

208 chars

La vulnerabilidad de inyección de SQL en include/lib/mysql_connect.inc.php en ATutor 2.2.1 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de la función searchFriends a friends.inc.php.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.0	Primary	NVD	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H