eFront <= 3.6.10 (filesystem.class.php) Unrestricted File Upload Vulnerability

Description:

eFront contains a flaw related to the libraries/filesystem.class.php script which does not properly verify or sanitize user-uploaded files. This allows a remote attacker to upload and execute arbitrary PHP code.

References:

• BID-50391
• EDB-18036
• http://forum.efrontlearning.net/viewtopic.php?t=3501

Disclosure Date:

October 27, 2011