Monday 3 February 2014

eFront LMS v3.6.14 - build 18012 Multiple Vulnerabilities


eFront LMS v3.6.14 - build 18012 is vulnerable to :

1. Arbitrary File Upload & Internal Path Disclosure 
2. Access to restricted folder ( Backup )


[-] Disclosure timeline:
--------------------------------

[13/12/2013] - Vulnerabilities discovered
[13/12/2013] - Issues reported to Vendor by E-Mail
[17/12/2013] - Vendor update released [ v3.6.14.2 - build 18013 - build 18013 ]: http://forum.efrontlearning.net/viewtopic.php?f=15&t=8522
[18/12/2013] - Public disclosure


Details has been published on : 

No comments:

Post a Comment