CVE-2021-43498
First published: Fri Apr 08 2022(Updated: )
An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h, form_password_hidden, and form_change HTTP POST parameters are set.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atutor Atutor | =2.2.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this ATutor Access Control vulnerability?
The vulnerability ID for this ATutor Access Control vulnerability is CVE-2021-43498.
What is the severity of CVE-2021-43498?
The severity of CVE-2021-43498 is high with a CVSS score of 7.5.
Which software version is affected by CVE-2021-43498?
ATutor 2.2.4 is affected by CVE-2021-43498.
How does the vulnerability manifest in ATutor 2.2.4?
The vulnerability manifests in ATutor 2.2.4 in password_reminder.php when specific HTTP POST parameters are set.
Is there a fix available for CVE-2021-43498?
Yes, a fix is available for CVE-2021-43498. It is recommended to update to a version that has addressed this vulnerability.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/atutor
- canonical/atutor atutor
- version/atutor atutor/2.2.4