HIGH
Atutor
CVE published 2017-02-07
CVE-2016-2539
CVE-2016-2539 is a high-severity CSRF issue in ATutor before 2.2.2. The flaw affects install_modules.php and can be abused when an authenticated user is induced to send a crafted request, potentially leading to arbitrary file upload and execution of PHP code. NVD rates the issue CVSS 8.8 with UI:R, PR:N, and high impact across confidentiality, integrity, and availability.