CVE-2012-6515

eFront 3.6.10-3.6.11 build 15059 - Exposure of Sensitive Information via Invalid courses_ID Parameter

Title source: llm
STIX 2.1

Description

eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via invalid courses_ID parameter in the lesson_info module to index.php, which reveals the installation path in an error message.

References (3)

Core 3
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49003
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53272

Scores

EPSS 0.0147
EPSS Percentile 70.7%

Details

CWE
CWE-200
Status published
Products (2)
efrontlearning/efront 3.6.10
efrontlearning/efront 3.6.11
Published Jan 24, 2013
Tracked Since Feb 18, 2026