Description
PHP remote file inclusion vulnerability in libraries/database.php in Efront 3.5.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.
Exploits (1)
References (3)
Core References (3)
http://forum.efrontlearning.net/viewtopic.php?f=1&t=1354&p=7174#p7174 (Various Sources; x_refsource_confirm)
http://www.exploit-db.com/exploits/9681 (Exploit, Third Party Advisory; exploit; x_refsource_exploit-db)
http://www.securityfocus.com/bid/36411 (Exploit, Patch; vdb-entry; x_refsource_bid)
Scores
EPSS: 0.0202
EPSS Percentile: 83.8%
Details
CWE: CWE-94
Status: published
Products (7)
efrontlearning/efront 3.1.0
efrontlearning/efront 3.1.2
efrontlearning/efront 3.1.3
efrontlearning/efront 3.1.4
efrontlearning/efront 3.5.0 (5 CPE variants)
efrontlearning/efront 3.5.1
efrontlearning/efront < 3.5.4
Published: Oct 11, 2009
Tracked Since: Feb 18, 2026