Vulnerabilities (CVE)

Filtered by vendor Efrontlearning Subscribe

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2015-4461	1 Efrontlearning	1 Efront	2018-02-26	4.0 MEDIUM	6.5 MEDIUM
Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter.
CVE-2015-4463	1 Efrontlearning	1 Efront	2017-08-10	4.0 MEDIUM	6.5 MEDIUM
The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL.
CVE-2015-4462	1 Efrontlearning	1 Efront	2017-08-10	4.0 MEDIUM	6.5 MEDIUM
Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from url" field in the file manager for professor.php.