PHP remote file inclusion vulnerability in libraries/database.php in Efront 3.5.4 and previous versions, when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via a URL in the path parameter. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
efrontlearning efront 3.5.0 |
||
efrontlearning efront 3.5.1 |
||
efrontlearning efront 3.1.3 |
||
efrontlearning efront 3.1.4 |
||
efrontlearning efront |
||
efrontlearning efront 3.1.0 |
||
efrontlearning efront 3.1.2 |