Lucene search

MitreCVE-2015-4463

HistoryJul 25, 2017 - 6:29 p.m.

CVE-2015-4463

2017-07-2518:29:00

CWE-434

mitre

web.nvd.nist.gov

efront cms

file_manager

file-upload restrictions

cve-2015-4463

security vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

38.9%

JSON

The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL.

Affected configurations

Nvd

Node

efrontlearningefrontRange≤3.6.15.4

VendorProductVersionCPE
efrontlearningefront*cpe:2.3:a:efrontlearning:efront:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
efrontlearning	efront	*	cpe:2.3:a:efrontlearning:efront::::::::

References

forum.efrontlearning.net/viewtopic.php?f=15&t=9841

mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

38.9%

JSON

Related for CVE-2015-4463