CVE-2019-5070
MEDIUMeFront LMS < 5.2.12 - Unauthenticated SQL Injection via Login Page
Title source: llmDescription
An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0859
Scores
CVSS v3
6.5
EPSS
0.0103
EPSS Percentile
59.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-89
Status
published
Products (1)
epignosishq/efront_lms
< 5.2.12
Published
Sep 05, 2019
Tracked Since
Feb 18, 2026