Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
eFront跨站脚本漏洞和任意文件上传漏洞
Vulnerability Description
Epignosis eFront是美国Epignosis公司的一套拥有Ajax界面的在线学习系统。该系统可通过内容编辑器、文件管理器、数字图书馆等工具来创建和管理课程。 eFront中存在跨站脚本漏洞和任意文件上传漏洞,这些漏洞源于对用户提供的输入未经正确过滤。攻击者可利用这些漏洞盗取基于cookie的认证信息,在浏览器上下文中执行任意脚本,在web服务器上下文中上传并执行任意文件,也可能导致其他的攻击。eFront 3.6.11版本中存在这些漏洞,其他版本也可能受到影响。
CVSS Information
N/A
Vulnerability Type
N/A