Vulnerability Description
The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL.
CVSS Score
6.5
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Efrontlearning | Efront | <= 3.6.15.4 |
Related Weaknesses (CWE)
References
- http://forum.efrontlearning.net/viewtopic.php?f=15&t=9841Vendor Advisory
- http://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.htmlExploitThird Party Advisory
- http://forum.efrontlearning.net/viewtopic.php?f=15&t=9841Vendor Advisory
- http://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.htmlExploitThird Party Advisory
FAQ
What is CVE-2015-4463?
CVE-2015-4463 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL.
How severe is CVE-2015-4463?
CVE-2015-4463 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-4463?
Check the references section above for vendor advisories and patch information. Affected products include: Efrontlearning Efront.