Description: rgod has discovered a vulnerability in ATutor, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the "Email Address" field in "password_reminder.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation requires that "magic_quotes_gpc" is disabled.
The vulnerability has been confirmed in version 1.5.1. Other versions may also be affected.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
