245 matches found
CVE-2019-5069
A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...
Vulnerability Spotlight: Password reset vulnerability in Epignosis eFront
Richard Dean, CX security advisory, EMEAR, discovered this vulnerability. Blog by Jon Munshaw. Epignosis eFront contains a vulnerability that could allow an adversary to reset the password of any account of their choosing. eFront is a learning management system platform that allows users to creat...
Epignosis eFront LMS Password Reset authentication bypass vulnerability
Summary A predictable seed vulnerability eixsts in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the...
CVE-2019-5069
A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...
CVE-2019-5069
A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...
CVE-2019-5070
An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no...
CVE-2019-5070
An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no...
Remote code execution
A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...
Sql injection
An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no...
CVE-2019-5070
EPIGNOSIS eFront LMS SQL Injection (CVE-2019-5070) affects Epignosis eFront LMS
CVE-2019-5070
An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no...
CVE-2019-5069
Epignosis eFront LMS v5.2.12 is affected by a PHP deserialization code execution vulnerability (CVE-2019-5069). Cisco Talos (TALOS-2019-0858) describes unsafe deserialization of untrusted data leading to remote code execution. Affected component is the LMS PHP backend; deserialization occurs when...
CVE-2019-5069
A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...
Epignosis eFront LMS Code Issue Vulnerability
Epignosis eFront LMS is a suite of online e-learning platforms from Epignosis, Inc. in the United States. The platform provides test building, assignment management, internal messaging, forums and online chat. A code issue vulnerability exists in Epignosis eFront LMS version 5.2.12, which can be...
Epignosis eFront LMS SQL Injection Vulnerability
Epignosis eFront LMS is a suite of online e-learning platforms from Epignosis, Inc. in the United States. The platform provides test building, assignment management, internal messaging, forums and online chat. A SQL injection vulnerability exists in Epignosis eFront LMS version 5.2.12 and earlier...
Vulnerability Spotlight: Two vulnerabilities in Epignosis eFront
Yuri Kramarz of Security Advisory Incident Response EMEAR discovered these vulnerabilities. Cisco Talos discovered two vulnerabilities in Epignosis eFront — one of which could allow an attacker to remotely execute code on the victim system, and another that opens the victim machine to SQL...
Epignosis eFront LMS PHP deserialization code execution vulnerability
Summary A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability. Tested Versions Epignosis...
Epignosis eFront LMS unauthenticated SQL injection vulnerability
Summary An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities,...
Epignosis eFront CMS Path Traversal Vulnerability
Epignosis eFront CMS is an online learning system with an Ajax interface from Epignosis, USA. The system allows you to create and manage courses with tools such as a content editor, file manager, and digital library. A path traversal vulnerability exists in Epignosis eFront CMS 3.6.15.4 and earli...
eFront CMS 3.6.15.4 Multiple Vulnerabilities
eFront CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only Info: There is an EOL detection for this produ...