SQL Injection Vulnerability in registration.PHP in ATutor 1.5.1 pl2

SQL Injection Vulnerability in registration.PHP in ATutor 1.5.1 pl2

CVE-2005-4155 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a vulnerability in ATutor.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.