What’s the matter?
Researchers from Cisco Talos uncovered two vulnerabilities in Epigosis eFront LMS. The vulnerabilities could allow an attacker to remotely execute code and perform SQL injections.
Remote Code Execution vulnerability
SQL Injection vulnerability
Cisco Talos researchers disclosed these two vulnerabilities to Epignosis on July 29, 2019. Epignois acknowledged the issue and announced to fix the issue on August 13, 2019.
On August 30, 2019, Epignosis patched the vulnerabilities in its latest version eFront v 5.2.13.