Yuri Kramarz of Security Advisory Incident Response EMEAR discovered these vulnerabilities.
Cisco Talos discovered two vulnerabilities in Epignosis eFront — one of which could allow an attacker to remotely execute code on the victim system, and another that opens the victim machine to SQL injections. eFront is an LMS platform that allows users to control their virtual training environments and data. The software boasts the ability to allow large companies to train their employees quickly and efficiently.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Epignosis to ensure that these issues are resolved and that an update is available for affected customers. Epignosis confirmed that they released eFront version 5.2.13 to address these issues.
Vulnerability details Epignosis eFront LMS PHP deserialization code execution vulnerability (TALOS-2019-0858/CVE-2019-5069)
A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability. Talos discovered that the application deserialized untrusted data without properly limiting or validating the incoming data type.
Read the complete vulnerability advisory here for additional information.
Epignosis eFront LMS unauthenticated SQL injection vulnerability (TALOS-2018-0859/CVE-2019-5070)
An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required.
Read the complete vulnerability advisory here for additional information.
Versions tested Talos tested and confirmed that version 5.2.12 of Epignosis eFront is affected by these vulnerabilities.
Coverage
The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.
Snort Rules: 50746, 50755 - 50760