Lucene search

MitreCVE-2009-3660

HistoryOct 11, 2009 - 10:30 p.m.

CVE-2009-3660

2009-10-1122:30:00

CWE-94

mitre

web.nvd.nist.gov

cve-2009-3660

php

remote file inclusion

efront

security vulnerability

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.023

Percentile

89.7%

JSON

PHP remote file inclusion vulnerability in libraries/database.php in Efront 3.5.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product’s security documentation.

Affected configurations

Nvd

Node

efrontlearningefrontRange≤3.5.4

efrontlearningefrontMatch3.1.0

efrontlearningefrontMatch3.1.2

efrontlearningefrontMatch3.1.3

efrontlearningefrontMatch3.1.4

efrontlearningefrontMatch3.5.0

efrontlearningefrontMatch3.5.0beta1

efrontlearningefrontMatch3.5.0beta2

efrontlearningefrontMatch3.5.0beta3

efrontlearningefrontMatch3.5.0beta4

efrontlearningefrontMatch3.5.1

VendorProductVersionCPE
efrontlearningefront*cpe:2.3:a:efrontlearning:efront:*:*:*:*:*:*:*:*
efrontlearningefront3.1.0cpe:2.3:a:efrontlearning:efront:3.1.0:*:*:*:*:*:*:*
efrontlearningefront3.1.2cpe:2.3:a:efrontlearning:efront:3.1.2:*:*:*:*:*:*:*
efrontlearningefront3.1.3cpe:2.3:a:efrontlearning:efront:3.1.3:*:*:*:*:*:*:*
efrontlearningefront3.1.4cpe:2.3:a:efrontlearning:efront:3.1.4:*:*:*:*:*:*:*
efrontlearningefront3.5.0cpe:2.3:a:efrontlearning:efront:3.5.0:*:*:*:*:*:*:*
efrontlearningefront3.5.0cpe:2.3:a:efrontlearning:efront:3.5.0:beta1:*:*:*:*:*:*
efrontlearningefront3.5.0cpe:2.3:a:efrontlearning:efront:3.5.0:beta2:*:*:*:*:*:*
efrontlearningefront3.5.0cpe:2.3:a:efrontlearning:efront:3.5.0:beta3:*:*:*:*:*:*
efrontlearningefront3.5.0cpe:2.3:a:efrontlearning:efront:3.5.0:beta4:*:*:*:*:*:*

Vendor	Product	Version	CPE
efrontlearning	efront	*	cpe:2.3:a:efrontlearning:efront::::::::
efrontlearning	efront	3.1.0	cpe:2.3:a:efrontlearning:efront:3.1.0:::::::*
efrontlearning	efront	3.1.2	cpe:2.3:a:efrontlearning:efront:3.1.2:::::::*
efrontlearning	efront	3.1.3	cpe:2.3:a:efrontlearning:efront:3.1.3:::::::*
efrontlearning	efront	3.1.4	cpe:2.3:a:efrontlearning:efront:3.1.4:::::::*
efrontlearning	efront	3.5.0	cpe:2.3:a:efrontlearning:efront:3.5.0:::::::*
efrontlearning	efront	3.5.0	cpe:2.3:a:efrontlearning:efront:3.5.0:beta1::::::
efrontlearning	efront	3.5.0	cpe:2.3:a:efrontlearning:efront:3.5.0:beta2::::::
efrontlearning	efront	3.5.0	cpe:2.3:a:efrontlearning:efront:3.5.0:beta3::::::
efrontlearning	efront	3.5.0	cpe:2.3:a:efrontlearning:efront:3.5.0:beta4::::::

Rows per page:

1-10 of 111

References

forum.efrontlearning.net/viewtopic.php?f=1&t=1354&p=7174#p7174

www.exploit-db.com/exploits/9681

www.securityfocus.com/bid/36411

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.023

Percentile

89.7%

JSON

Related for CVE-2009-3660