The following advisory describes two (2) vulnerability types found in AContent version 1.3.
AContent is an open source learning content management system (LCMS) used to create interoperable, accessible, adaptive Web-based learning content. It can be used along with learning management systems to develop, share, and archive learning materials. For those familiar with ATutor, AContent contains the content authoring, test authoring, and content interoperability features of ATutor, producing a standalone tool that can be used with any system that supports IMS content interoperability standards.
The vulnerabilities found are:
- Directory Traversal
- Directory Traversal that leads to Remote Code Execution – question_import.php
- Directory Traversal that leads to Remote Code Execution – ims_import.php
- Directory Traversal that leads to Remote Code Execution – import_test.php
An independent security researcher, Steven Seeley, has reported these vulnerabilities to Beyond Security’s SecuriTeam Secure Disclosure program.
AContent has fixed the vulnerabilities in their GitHub master branch.
For more details: