CVE-2019-5069

HIGH

Epignosis eFront LMS <5.2.12 - Code Injection

Title source: llm

Description

A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability.

References (1)

[Exploit, Third Party Advisory] https://talosintelligence.com/vulnerability_reports/TALOS-2019-0858

Scores

CVSS v3 8.8

EPSS 0.0061

EPSS Percentile 69.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

epignosishq/efront_lms < 5.2.12

Timeline

Published Sep 05, 2019

Tracked Since Feb 18, 2026