Design/Logic Flaw

2017-07-2518:29:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

38.9%

JSON

The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL.

CPENameOperatorVersion
efrontle3.6.15.4

CPE	Name	Operator	Version
	efront	le	3.6.15.4

References

forum.efrontlearning.net/viewtopic.php?f=15&t=9841

mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html