Multiple CSRF vulnerabilities in eFront v. 3.6.15.2 (CE)

Posted by Steffen Rösemann on Feb 08

Advisory: Multiple CSRF vulnerabilities in eFront v. 3.6.15.2 (CE)
Advisory ID: SROEADV-2015-09
Author: Steffen Rösemann
Affected Software: eFront v. 3.6.15.2 (CE) (Release-date: 05-Dec-2014, build 18021)
Vendor URL: http://www.efrontlearning.net
Vendor Status: patched
CVE-ID: –

Tested with/on:

-Browser: Firefox 35, Iceweasel 31.3.0
-OS: Mac OS X 10.10 (XAMPP installation), Kali Linux 1.0.9a (Apache2, MySQL)

==========================…