CNNVD-202602-1165 Information

CNNVD ID

CNNVD-202602-1165

Related CVE

CVE-2020-37147

• CNNVD Published: 2026-02-07

Description (Chinese)

ATutor是Atutor团队的一套开源的基于Web的学习内容管理系统（LCMS）。该系统包括教学内容管理、论坛、聊天室等模块。 ATutor 2.2.4版本存在SQL注入漏洞，该漏洞源于admin_delete.php脚本中参数id未经验证，可能导致SQL注入攻击。

Description (English)

Autotor is an open-source Web-based learning content management system (LCMS) for the Atutor team. The system includes modules on content management, forums, chat rooms, etc. Version 2.2.4 has an injection loophole in SQL, which originates from the unverified parameter id in the admin delete.php script, which could lead to an attack by SQL.

Hazard Level

Medium

Vulnerability Type

SQL注入

Affected Vendor

Atutor

Published

2026-02-07

Last Modified

2026-02-24

References

https://atutor.github.io/ https://www.exploit-db.com/exploits/48117 https://www.vulncheck.com/advisories/atutor-id-sql-injection