2 matches found
CVE-2015-4462
The CVE-2015-4462 issue affects eFront CMS pre-3.6.15.5 in the file_manager component. It enables absolute path traversal via the Upload file from url field in professor.php, allowing remote authenticated users to read arbitrary files on the server. No remediation details are provided in the conn...
CVE-2015-4463
The CVE-2015-4463 entry concerns the file_manager component of eFront CMS prior to version 3.6.15.5. Affected software: eFront CMS. What is vulnerable: the file_manager’s file upload handling can be bypassed by remote authenticated users through a crafted parameter appended to the file URL, enabl...