Directory traversal vulnerability in www/editor/tiny_mce/langs/language.php in eFront 3.5.x up to and including 3.5.5 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the langname parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
efrontlearning efront 3.5.0 |
||
efrontlearning efront 3.5.4 |
||
efrontlearning efront 3.5.3 |
||
efrontlearning efront 3.5.5 |
||
efrontlearning efront 3.5.1 |
||
efrontlearning efront 3.5.2 |