2 matches found
CVE-2009-3660
The CVE-2009-3660 issue affects Efront up to version 3.5.4 in the PHP library libraries/database.php. The root cause is a remote file inclusion (RFI) vulnerability when register_globals is enabled, allowing a remote attacker to execute arbitrary PHP code via a URL supplied in the path parameter. ...
CVE-2008-7026
CVE-2008-7026 describes an unrestricted file-upload vulnerability in eFront (version 3.5.1 build 2710 and earlier) where an attacker can upload a file with an executable extension as a user avatar via the filesystem3.class.php upload process, and then access it through a direct request to the fil...