CVE-2008-7026
published 2009-08-21

Priority: P349, medium
CVSS 2.0: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 4.70% (90.7th percentile)
Unrestricted file upload vulnerability in filesystem3.class.php in eFront 3.5.1 build 2710 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in (1) student/avatars/ or (2) professor/avatars/.

Affected

6 ranges

Vendor | Product | Version range | Fixed in
efrontlearning | efront | <= 3.5.1 |
efrontlearning | efront | |
efrontlearning | efront | |
efrontlearning | efront | |
efrontlearning | efront | |
efrontlearning | efront | |