CVE-2015-4462

The CVE-2015-4462 issue affects eFront CMS pre-3.6.15.5 in the file_manager component. It enables absolute path traversal via the Upload file from url field in professor.php, allowing remote authenticated users to read arbitrary files on the server. No remediation details are provided in the conn...

eFront 3.6.10 - professor.php Script Multiple SQL Injections

eFront 3.6.10 - professor.php Script Multiple SQL Injections source: https://www.securityfocus.com/bid/50419/info eFront is prone to multiple SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these...

eFront 3.6.10 - 'professor.php' Script Multiple SQL Injections

source: https://www.securityfocus.com/bid/50419/info eFront is prone to multiple SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application,...

Multiple vulnerabilities in Efront

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Efront, which can be exploited to perform SQL injection and cross-site scripting attacks. 1 Cross-Site scripting XSS vulnerabilities in Efront 1.1 Input passed via the "course" GET parameter to index.php is not...