eFront CMS 3.6.15.4 Multiple Vulnerabilities (CVE-2015-4461, CVE-2015-4462, CVE-2015-4463)

Severity
CVSSv3 Score: 6.5
Vulnerability description

eFront CMS is prone to multiple vulnerabilities.

Risk description

Vulnerabilities:

Absolute path traversal: Allows remote Professor users to obtain sensitive information via a full pathname in the other parameter.

Unrestricted file upload vulnerability: Allows remote authenticated users to execute arbitrary code by uploading a file from a local URL, then accessing it via a direct request to the file in www/content/lessons/lesson number/directory name.

Unrestricted file upload vulnerability: Allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension prepended to a crafted parameter, then accessing it via a direct request to the file in www/content/lessons/lesson number/directory name.

Recommendation

Update to eFront CMS version 3.6.15.5 or above.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Feb 5, 2018
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available