HIGH🇬🇧 English

CVE-2019-5069

CVSS 8.8v3.1pub. 2019-09-05upd. 2024-11-21

A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Epignosishq Efront Lms

    APP
    Epignosishq
    ≤ 5.2.12
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEDeserialization
CWE
Referencje

Powiązane podatności

CVE-2019-5070MEDIUM6.5ten sam produkt

An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2....

CVE-2020-28597HIGH7.5ten sam vendor

A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By ...