ByteOS Network

Vulnerability Details :

CVE-2006-3996

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-05 Aug, 2006 | 00:00

Updated At-07 Aug, 2024 | 18:48

SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:05 Aug, 2006 | 00:00

Updated At:07 Aug, 2024 | 18:48

▼CVE Numbering Authority (CNA)

SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters.

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://secunia.com/advisories/21308	third-party-advisory x_refsource_SECUNIA
http://retrogod.altervista.org/atutor_1531_sql.html	x_refsource_MISC
http://securityreason.com/securityalert/1330	third-party-advisory x_refsource_SREASON
http://www.securityfocus.com/bid/19232	vdb-entry x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/28082	vdb-entry x_refsource_XF
http://atutor.ca/news.php#010806	x_refsource_MISC
http://www.vupen.com/english/advisories/2006/3074	vdb-entry x_refsource_VUPEN
http://www.osvdb.org/27665	vdb-entry x_refsource_OSVDB
http://www.securityfocus.com/archive/1/441711/100/0/threaded	mailing-list x_refsource_BUGTRAQ
https://www.exploit-db.com/exploits/2088	exploit x_refsource_EXPLOIT-DB

Hyperlink: http://secunia.com/advisories/21308

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://retrogod.altervista.org/atutor_1531_sql.html

Resource:

x_refsource_MISC

Hyperlink: http://securityreason.com/securityalert/1330

Resource:

third-party-advisory

x_refsource_SREASON

Hyperlink: http://www.securityfocus.com/bid/19232

Resource:

vdb-entry

x_refsource_BID

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/28082

Resource:

vdb-entry

x_refsource_XF

Hyperlink: http://atutor.ca/news.php#010806

Resource:

x_refsource_MISC

Hyperlink: http://www.vupen.com/english/advisories/2006/3074

Resource:

vdb-entry

x_refsource_VUPEN

Hyperlink: http://www.osvdb.org/27665

Resource:

vdb-entry

x_refsource_OSVDB

Hyperlink: http://www.securityfocus.com/archive/1/441711/100/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: https://www.exploit-db.com/exploits/2088

Resource:

exploit

x_refsource_EXPLOIT-DB

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://secunia.com/advisories/21308	third-party-advisory x_refsource_SECUNIA x_transferred
http://retrogod.altervista.org/atutor_1531_sql.html	x_refsource_MISC x_transferred
http://securityreason.com/securityalert/1330	third-party-advisory x_refsource_SREASON x_transferred
http://www.securityfocus.com/bid/19232	vdb-entry x_refsource_BID x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/28082	vdb-entry x_refsource_XF x_transferred
http://atutor.ca/news.php#010806	x_refsource_MISC x_transferred
http://www.vupen.com/english/advisories/2006/3074	vdb-entry x_refsource_VUPEN x_transferred
http://www.osvdb.org/27665	vdb-entry x_refsource_OSVDB x_transferred
http://www.securityfocus.com/archive/1/441711/100/0/threaded	mailing-list x_refsource_BUGTRAQ x_transferred
https://www.exploit-db.com/exploits/2088	exploit x_refsource_EXPLOIT-DB x_transferred

Hyperlink: http://secunia.com/advisories/21308

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://retrogod.altervista.org/atutor_1531_sql.html

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://securityreason.com/securityalert/1330

Resource:

third-party-advisory

x_refsource_SREASON

x_transferred

Hyperlink: http://www.securityfocus.com/bid/19232

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/28082

Resource:

vdb-entry

x_refsource_XF

x_transferred

Hyperlink: http://atutor.ca/news.php#010806

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://www.vupen.com/english/advisories/2006/3074

Resource:

vdb-entry

x_refsource_VUPEN

x_transferred

Hyperlink: http://www.osvdb.org/27665

Resource:

vdb-entry

x_refsource_OSVDB

x_transferred

Hyperlink: http://www.securityfocus.com/archive/1/441711/100/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

x_transferred

Hyperlink: https://www.exploit-db.com/exploits/2088

Resource:

exploit

x_refsource_EXPLOIT-DB

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:05 Aug, 2006 | 00:04

Updated At:03 Apr, 2025 | 01:03

SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 6.5

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:P/I:P/A:P

CPE Matches

adaptive_technology_resource_centre>>atutor>>Versions up to 1.5.3.1(inclusive)

cpe:2.3:a:adaptive_technology_resource_centre:atutor:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

Evaluator Solution

Update to 1.5.3.2

References

Hyperlink	Source	Resource
http://atutor.ca/news.php#010806	cve@mitre.org	N/A
http://retrogod.altervista.org/atutor_1531_sql.html	cve@mitre.org	Exploit
http://secunia.com/advisories/21308	cve@mitre.org	Patch Vendor Advisory
http://securityreason.com/securityalert/1330	cve@mitre.org	N/A
http://www.osvdb.org/27665	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/441711/100/0/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/bid/19232	cve@mitre.org	N/A
http://www.vupen.com/english/advisories/2006/3074	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/28082	cve@mitre.org	N/A
https://www.exploit-db.com/exploits/2088	cve@mitre.org	N/A
http://atutor.ca/news.php#010806	af854a3a-2127-422b-91ae-364da2661108	N/A
http://retrogod.altervista.org/atutor_1531_sql.html	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://secunia.com/advisories/21308	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://securityreason.com/securityalert/1330	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.osvdb.org/27665	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/archive/1/441711/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/19232	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2006/3074	af854a3a-2127-422b-91ae-364da2661108	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/28082	af854a3a-2127-422b-91ae-364da2661108	N/A
https://www.exploit-db.com/exploits/2088	af854a3a-2127-422b-91ae-364da2661108	N/A