HIO-2009-0503 ATutor 1.6.2 Cross-site framing

ATutor 1.6.2 contains a cross-site framing vulnerability which can be exploited by malicious people to conduct phishing attacks.

Input passed to the "p" parameter in documentation/index.php is not properly verified before being linked into the frameset, which can be used to conduct spoofing or phishing attacks.

The vulnerability is confirmed in version 1.6.2. Other versions may also be affected.
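
One way to check web server logs for requests that abuse this parameter, as an added example that is not part of the advisory or of ATutor's code: it flags requests to documentation/index.php whose "p" value is an absolute or scheme-relative URL instead of a local page. The /ATutor/ install prefix, the combined log format and the sample lines are assumptions constructed for illustration; the check also covers backslash and non-HTTP scheme variants, which goes beyond the single case the advisory describes.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TARGET_SCRIPT = "/documentation/index.php"  # script named in the advisory
FRAME_PARAM = "p"                           # parameter named in the advisory

SAMPLE_LOG = [  # constructed lines: documentation-range IPs, reserved hostnames
    '192.0.2.10 - - [01/Jun/2009:10:00:01 +0000] "GET /ATutor/documentation/index.php?p=general/index.php HTTP/1.1" 200 812',
    '192.0.2.44 - - [01/Jun/2009:10:02:17 +0000] "GET /ATutor/documentation/index.php?p=http%3A%2F%2Fframed.example.invalid%2Flogin HTTP/1.1" 200 815',
    '192.0.2.44 - - [01/Jun/2009:10:02:40 +0000] "GET /ATutor/documentation/index.php?p=%2F%2Fframed.example.invalid%2F HTTP/1.1" 200 815',
    '192.0.2.10 - - [01/Jun/2009:10:03:05 +0000] "GET /ATutor/index.php?p=http%3A%2F%2Fother.example.invalid HTTP/1.1" 200 4410',
]


def is_offsite_frame_target(value):
    """True if the value would make a frame load anything but a local page."""
    v = re.sub(r"[\t\r\n]", "", value).strip()  # browsers drop these in URLs
    v = v.replace("\\", "/")                    # and treat "\" like "/"
    if v.startswith("//"):                      # scheme-relative: //host/path
        return True
    try:
        parts = urlsplit(v)
    except ValueError:                          # malformed authority: flag it
        return True
    return bool(parts.scheme or parts.netloc)   # http:, javascript:, data: ...


def flag_requests(log_lines):
    """Return (line_number, decoded p value) for each suspicious request."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path, _, query = m.group(1).partition("?")
        if not path.endswith(TARGET_SCRIPT):
            continue
        for value in parse_qs(query).get(FRAME_PARAM, []):  # percent-decodes
            if is_offsite_frame_target(value):
                hits.append((n, value))
    return hits


if __name__ == "__main__":
    for line_no, target in flag_requests(SAMPLE_LOG):
        print(f"line {line_no}: off-site frame target {target!r}")
```

The same predicate can serve as a server-side allowlist test: a frameset should only ever receive a value for which `is_offsite_frame_target` returns False.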

References:

CVE-2009-pending

BID: 35129

FrSIRT: N/A

Nessus: N/A

OSVDB: 55728

SA: 35043

XF: 

Related: 

Vendor Solution: Apply ATutor patch #24.