Summary
eFront is prone to multiple security vulnerabilities, including:
1. A remote code injection vulnerability
2. Multiple SQL injection vulnerabilities
3. An authentication bypass and privilege escalation vulnerability
4. A remote code execution vulnerability
5. A file upload vulnerability
Attackers can exploit these issues to bypass certain security restrictions, insert arbitrary code, obtain sensitive information, execute arbitrary code, modify the logic of SQL queries, and upload arbitrary code. Other attacks may also be possible.
eFront 3.6.10 is vulnerable; prior versions may also be affected.
Solution
Updates are available. Please see the references for more information.
References
Severity
Classification
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Artifectx xClassified 'catid' SQL Injection Vulnerability
- AlienVault OSSIM SQL Injection and Remote Code Execution Vulnerabilities
- Apache Solr XML External Entity(XXE) Vulnerability-02 Jan-14
- Apache Archiva Multiple Remote Command Execution Vulnerabilities
- A-Blog 'sources/search.php' SQL Injection Vulnerability