Posted in Exploits Penetration Testing Web Application

ATutor 2.2.4 ‘language_import’ Arbitrary File Upload / RCE (CVE-2019-12169)

This proof of concept is demonstrating a vulnerability in ‘/mods/_core/languages/language_import.php’ that can be used to get remote code execution. The code can be modified to…

Continue Reading?
Posted in Exploits Web Application

ATutor 2.2.4 ‘Backup’ Remote Command Execution (CVE-2019-12170)

ATutor-Instructor-Backup-Exploit Exploit Title: ATutor 2.2.4 ‘Backup’ Remote Command Execution Google Dork: inurl:/ATutor/login.php Date: 5/13/2019 Exploit Author: Joseph McPeters Vendor Homepage: https://atutor.github.io/ Software Link: https://sourceforge.net/projects/atutor/files/latest/download Version:…

Continue Reading?