eFront 3.6.10 Multiple Security Vulnerabilities

Summary
eFront is prone to multiple security vulnerabilities, including: 1. A remote code injection vulnerability 2. Multiple SQL injection vulnerabilities 3. An authentication bypass and privilege escalation vulnerability 4. A remote code execution vulnerability 5. A file upload vulnerability Attackers can exploit these issues to bypass certain security restrictions, insert arbitrary code, obtain sensitive information, execute arbitrary code, modify the logic of SQL queries, and upload arbitrary code. Other attacks may also be possible. eFront 3.6.10 is vulnerable prior versions may also be affected.
Solution
Updates are available. Please see the references for more information.
References