Multiple Vulnerabilities in eFront CMS v3.6.15.4

Hi friends,

I am back with three stories today. There are multiple critical bugs affecting eFront, one of the top 10 e-learning CMSs available, in build 18023. The details are as follows.
1. Directory Traversal (CVE-2015-4461)
2. Local File Inclusion (CVE-2015-4462)
3. Bypass for Blocked extension file uploads (CVE-2015-4463)

About the e-front:

E-front is one of the Top 10 e-learning cms available free on the market till date. A small description from the vendor's site:

"The core of eFront is distributed as an open-source project. We have created a superior training product and we are not afraid to let you try it! The open-source edit of eFront will cover a wide range of your needs. If you are looking for a specialized solution then take a look at different efront editions."

The issues are fixed as part of the new release, eFront v3.6.15.5 build 18024. You can find the change log here

Point of the Story:
