Lucene search

[email protected]NVD:CVE-2008-7026

HistoryAug 21, 2009 - 2:30 p.m.

CVE-2008-7026

2009-08-2114:30:00

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.103

Percentile

95.0%

JSON

Unrestricted file upload vulnerability in filesystem3.class.php in eFront 3.5.1 build 2710 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in (1) student/avatars/ or (2) professor/avatars/.

Affected configurations

Nvd

Node

efrontlearningefrontRange≤3.5.1

efrontlearningefrontMatch3.1.0

efrontlearningefrontMatch3.1.2

efrontlearningefrontMatch3.1.3

efrontlearningefrontMatch3.1.4

efrontlearningefrontMatch3.5.0

efrontlearningefrontMatch3.5.0beta1

efrontlearningefrontMatch3.5.0beta2

efrontlearningefrontMatch3.5.0beta3

efrontlearningefrontMatch3.5.0beta4

VendorProductVersionCPE
efrontlearningefront*cpe:2.3:a:efrontlearning:efront:*:*:*:*:*:*:*:*
efrontlearningefront3.1.0cpe:2.3:a:efrontlearning:efront:3.1.0:*:*:*:*:*:*:*
efrontlearningefront3.1.2cpe:2.3:a:efrontlearning:efront:3.1.2:*:*:*:*:*:*:*
efrontlearningefront3.1.3cpe:2.3:a:efrontlearning:efront:3.1.3:*:*:*:*:*:*:*
efrontlearningefront3.1.4cpe:2.3:a:efrontlearning:efront:3.1.4:*:*:*:*:*:*:*
efrontlearningefront3.5.0cpe:2.3:a:efrontlearning:efront:3.5.0:*:*:*:*:*:*:*
efrontlearningefront3.5.0cpe:2.3:a:efrontlearning:efront:3.5.0:beta1:*:*:*:*:*:*
efrontlearningefront3.5.0cpe:2.3:a:efrontlearning:efront:3.5.0:beta2:*:*:*:*:*:*
efrontlearningefront3.5.0cpe:2.3:a:efrontlearning:efront:3.5.0:beta3:*:*:*:*:*:*
efrontlearningefront3.5.0cpe:2.3:a:efrontlearning:efront:3.5.0:beta4:*:*:*:*:*:*

Vendor	Product	Version	CPE
efrontlearning	efront	*	cpe:2.3:a:efrontlearning:efront::::::::
efrontlearning	efront	3.1.0	cpe:2.3:a:efrontlearning:efront:3.1.0:::::::*
efrontlearning	efront	3.1.2	cpe:2.3:a:efrontlearning:efront:3.1.2:::::::*
efrontlearning	efront	3.1.3	cpe:2.3:a:efrontlearning:efront:3.1.3:::::::*
efrontlearning	efront	3.1.4	cpe:2.3:a:efrontlearning:efront:3.1.4:::::::*
efrontlearning	efront	3.5.0	cpe:2.3:a:efrontlearning:efront:3.5.0:::::::*
efrontlearning	efront	3.5.0	cpe:2.3:a:efrontlearning:efront:3.5.0:beta1::::::
efrontlearning	efront	3.5.0	cpe:2.3:a:efrontlearning:efront:3.5.0:beta2::::::
efrontlearning	efront	3.5.0	cpe:2.3:a:efrontlearning:efront:3.5.0:beta3::::::
efrontlearning	efront	3.5.0	cpe:2.3:a:efrontlearning:efront:3.5.0:beta4::::::

References

forum.efrontlearning.net/viewtopic.php?f=1&t=271

www.osvdb.org/54294

www.securityfocus.com/archive/1/496851/100/0/threaded

www.securityfocus.com/bid/31491

exchange.xforce.ibmcloud.com/vulnerabilities/45574

www.exploit-db.com/exploits/6633

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.103

Percentile

95.0%

JSON

Related for NVD:CVE-2008-7026

cve1 cvelist1 prion1 exploitdb1