registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a vulnerability in ATutor.
References
Link | Resource |
---|---|
http://rgod.altervista.org/atutor151pl2.html | Exploit Vendor Advisory |
http://securitytracker.com/alerts/2005/Nov/1015166.html | |
http://www.osvdb.org/20851 | |
http://www.securityfocus.com/bid/15355/ | Exploit |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2005-12-11T02:00:00
Updated: 2006-04-04T09:00:00
Reserved: 2005-12-11T00:00:00
Link: CVE-2005-4155
JSON object: View
NVD Information
Status : Analyzed
Published: 2005-12-11T02:03:00.000
Modified: 2008-09-05T20:56:11.317
Link: CVE-2005-4155
JSON object: View
Redhat Information
No data.
CWE