{"id":"CVE-2016-2555","details":"SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.","modified":"2026-03-14T09:19:18.805295Z","published":"2017-04-13T14:59:01.637Z","references":[{"type":"WEB","url":"https://www.exploit-db.com/exploits/39514/"},{"type":"ADVISORY","url":"http://www.rapid7.com/db/modules/exploit/multi/http/atutor_sqli"},{"type":"FIX","url":"https://github.com/atutor/ATutor/commit/629b2c992447f7670a2fecc484abfad8c4c2d298"},{"type":"FIX","url":"https://github.com/atutor/ATutor/commit/945a9dca01def8536516088da30fe6a4b7e9fa85"},{"type":"EVIDENCE","url":"http://sourceincite.com/research/src-2016-08/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/atutor/atutor","events":[{"introduced":"0"},{"last_affected":"68285ea31de595c67d5f60720fb76d49c6347f3a"},{"fixed":"629b2c992447f7670a2fecc484abfad8c4c2d298"},{"fixed":"945a9dca01def8536516088da30fe6a4b7e9fa85"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.2.1"}]}}],"versions":["atutor_1_4_2","atutor_1_5","atutor_1_5_1","atutor_1_5_2","atutor_1_5_3","atutor_1_5_3_1","atutor_1_5_3_2","atutor_1_5_3_3","atutor_1_5_5","atutor_2_1","atutor_2_1_1","atutor_2_2","atutor_2_2_1","start"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2555.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}