Every CVE whose affected-product data names Efrontlearning Efront, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2010-1918 — CVSS 7.5 (high): SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the…
CVE-2008-7026 — CVSS 6.8 (medium): Unrestricted file upload vulnerability in filesystem3.class.php in eFront 3.5.1 build 2710 and earlier allows remote attackers to execute…
CVE-2009-3660 — CVSS 6.8 (medium): PHP remote file inclusion vulnerability in libraries/database.php in Efront 3.5.4 and earlier, when register_globals is enabled, allows…
CVE-2010-1003 — CVSS 6.8 (medium): Directory traversal vulnerability in www/editor/tiny_mce/langs/language.php in eFront 3.5.x through 3.5.5 allows remote attackers to…
CVE-2015-4463 — CVSS 6.5 (medium): The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by…
CVE-2015-4461 — CVSS 6.5 (medium): Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via…
CVE-2015-4462 — CVSS 6.5 (medium): Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read…
CVE-2012-4269 — CVSS 6.0 (medium): Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file…
CVE-2012-6515 — CVSS 5.0 (medium): eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via invalid courses_ID parameter in…
CVE-2014-4033 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to…
CVE-2013-7194 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated…
CVE-2012-4270 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows remote authenticated users to inject arbitrary web script or HTML via the…