CVE-2015-4462

Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from url" field in the file manager for professor.php. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt