CVE-2015-4461
Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter...
Path traversal
Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter...
CVE-2015-4461
Absolute path traversal in Epignosis eFront CMS 3.6.15.4 and earlier allows remote access to sensitive information via the other parameter. Affected component is the application’s path handling, enabling exposure of full pathnames. Documents consistently describe the vulnerability as a path trav...
Epignosis eFront CMS Arbitrary File Upload Vulnerability (CNVD-2017-26067)
Epignosis eFront CMS is an online learning system with an Ajax interface from Epignosis, USA. The system allows you to create and manage courses with tools such as a content editor, file manager, and digital library. An arbitrary file upload vulnerability exists in Epignosis eFront CMS versions...
Epignosis eFront CMS Arbitrary File Upload Vulnerability
Epignosis eFront CMS is an online learning system with an Ajax interface from Epignosis, USA. The system allows you to create and manage courses with tools such as a content editor, file manager, and digital library. An arbitrary file upload vulnerability exists in Epignosis eFront CMS versions...
CVE-2015-4463
The filemanager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL...
Path traversal
Absolute path traversal vulnerability in the filemanager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from url" field in the file manager for professor.php...
Design/Logic Flaw
The filemanager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL...
CVE-2015-4462
Absolute path traversal vulnerability in the filemanager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from url" field in the file manager for professor.php...
CVE-2015-4463
The CVE-2015-4463 entry concerns the file_manager component of eFront CMS prior to version 3.6.15.5. Affected software: eFront CMS. What is vulnerable: the file_manager’s file upload handling can be bypassed by remote authenticated users through a crafted parameter appended to the file URL, enabl...
CVE-2015-4462
The CVE-2015-4462 issue affects eFront CMS pre-3.6.15.5 in the file_manager component. It enables absolute path traversal via the Upload file from url field in professor.php, allowing remote authenticated users to read arbitrary files on the server. No remediation details are provided in the conn...
eFront libraries/includes/social.php SQL Injection
SQL Injection vulnerability in eFront libraries/includes/social.php id parameter. Vulnerability Type: SQL Injection. For the exploit source code contact DSquare Security sales team...
Epignosis eFront Code Execution Vulnerability
Epignosis eFront is an online learning system with an Ajax interface from Epignosis USA. The system allows you to create and manage courses with tools such as a content editor, file manager, and digital library. A code execution vulnerability exists in the globals.php page in eFront version 3.6.1...
eFront 3.6.15 Code Execution Vulnerability
Exploit for PHP platform in category web applications. A friend reminded me a couple of days ago to publish something, since it's been a while since I last published a post. So this is going to be a short post about an interesting-ish RCE found in all versions of eFront LMS - unfortunately, since the...
eFront 3.6.15 Code Execution
TL;DR: A friend reminded me a couple of days ago to publish something, since it's been a while since I last published a post. So this is going to be a short post about an interesting-ish RCE found in all versions of eFront LMS - unfortunately, since the report has passed 90 days since initial report, I...
eFront Learning CMS Cross-Site Scripting Vulnerability
eFront is an online learning system. A cross-site scripting vulnerability exists in eFront. A remote attacker can exploit the vulnerability to inject malicious script code into the affected application...
eFront Learning CMS Cross-Site Scripting Vulnerability (CNVD-2016-03584)
eFront is an online learning system. A cross-site scripting vulnerability exists in eFront. Because the program fails to properly filter user-supplied input, an attacker can exploit the vulnerability to steal cookie-based authentication information and execute arbitrary script in the browser...
eFront 3.6.15.6 CMS – Attachment Cross Site Vulnerability
Document Title: eFront 3.6.15.6 CMS – Attachment Cross Site Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1765. Release Date: 2016-02-23. Vulnerability Laboratory ID (VL-ID): ...