ATutor file_manager Remote Code Execution

Posted on 12 April 2019

This Metasploit module allows the user to run commands on the server with the teacher user privilege. The 'Upload files' section in the 'File Manager' field contains an arbitrary file upload vulnerability.