CVE-2019-5070

MEDIUM

eFront LMS < 5.2.12 - Unauthenticated SQL Injection via Login Page

Title source: llm
STIX 2.1

Description

An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0859

Scores

CVSS v3 6.5
EPSS 0.0103
EPSS Percentile 59.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE
CWE-89
Status published
Products (1)
epignosishq/efront_lms < 5.2.12
Published Sep 05, 2019
Tracked Since Feb 18, 2026