Vulnerabilities > CVE-2012-4269 - Cross-Site Scripting and Arbitrary File Upload vulnerability in Efrontlearning Efront 3.6.11

CVSS 6.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

efrontlearning

NVD

Published: 2012-08-13

Updated: 2017-08-29

Summary

Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message. Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type'

Vulnerable Configurations

Part	Description	Count
Application	Efrontlearning Efrontlearning Efront 3.6.11	1

References

http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html
http://www.securityfocus.com/bid/53412
https://exchange.xforce.ibmcloud.com/vulnerabilities/75443