Unrestricted file upload vulnerability in filesystem3.class.php in eFront 3.5.1 build 2710 and previous versions allows remote malicious users to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in (1) student/avatars/ or (2) professor/avatars/.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
efrontlearning efront 3.5.0 |
||
efrontlearning efront 3.1.4 |
||
efrontlearning efront 3.1.3 |
||
efrontlearning efront |
||
efrontlearning efront 3.1.2 |
||
efrontlearning efront 3.1.0 |