VYPR
Unrated severityNVD Advisory· Published Aug 21, 2009· Updated Jun 16, 2026

CVE-2008-7026

CVE-2008-7026

Description

Unrestricted file upload vulnerability in filesystem3.class.php in eFront 3.5.1 build 2710 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in (1) student/avatars/ or (2) professor/avatars/.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11
  • Epignosis/Efront10 versions
    cpe:2.3:a:efrontlearning:efront:*:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:efrontlearning:efront:*:*:*:*:*:*:*:*range: <=3.5.1
    • cpe:2.3:a:efrontlearning:efront:3.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:efrontlearning:efront:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:efrontlearning:efront:3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:efrontlearning:efront:3.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:efrontlearning:efront:3.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:efrontlearning:efront:3.5.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:efrontlearning:efront:3.5.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:efrontlearning:efront:3.5.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:efrontlearning:efront:3.5.0:beta4:*:*:*:*:*:*
  • Range: <=3.5.1 build 2710

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.