VYPR

eFront CMS

by EFront CMS

CVEs (4)

  • CVE-2015-4461MedFeb 5, 2018
    risk 0.42cvss 6.5epss 0.01

    Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter.

  • CVE-2015-4463MedJul 25, 2017
    risk 0.42cvss 6.5epss 0.01

    The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL.

  • CVE-2015-4462MedJul 25, 2017
    risk 0.42cvss 6.5epss 0.01

    Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from url" field in the file manager for professor.php.

  • CVE-2008-7026Aug 21, 2009
    risk 0.03cvss epss 0.05

    Unrestricted file upload vulnerability in filesystem3.class.php in eFront 3.5.1 build 2710 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in (1)…