PT-2019-17452 · Efront · Efront Lms
Yuri Kramarz · Published 2019-09-05 · Updated 2022-06-27
CVE-2019-5070
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
eFront LMS versions v5.2.12 and earlier
Description
An exploitable SQL injection issue exists in the unauthenticated portion of the software. A specially crafted web request to the "login page" can cause SQL injection, resulting in data compromise. An attacker can trigger this issue using a browser, with no special tools required.
Recommendations
For versions v5.2.12 and earlier, update to a version later than v5.2.12 to resolve the issue. As a temporary workaround, consider restricting access to the login page to minimize the risk of exploitation.
SQL injection
Affected Products
Efront Lms