Efrontlearning » Efront : Security Vulnerabilities, CVEs, (Code Execution)
Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message.
Max CVSS
6.0
EPSS Score
0.60%
Published
2012-08-13
Updated
2017-08-29
Unrestricted file upload vulnerability in filesystem3.class.php in eFront 3.5.1 build 2710 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in (1) student/avatars/ or (2) professor/avatars/.
Max CVSS
6.8
EPSS Score
10.28%
Published
2009-08-21
Updated
2018-10-11
2 vulnerabilities found