PT-2019-17451 · Epignosis · Efront Lms

Published: 2019-09-05 · Updated: 2022-06-27 · CVE-2019-5069

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Epignosis eFront LMS version 5.2.12

Description

A code execution issue exists due to unsafe deserialization, potentially allowing PHP code execution through a specially crafted web request. An attacker can exploit this by sending a crafted web parameter.

Recommendations

For Epignosis eFront LMS version 5.2.12, update to a version that fixes the unsafe deserialization issue to prevent potential code execution.

Exploit

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2019-5069

Affected Products

Efront Lms