Summary
This host is running eFront and is prone to SQL injection vulnerability.
Impact
Successful exploitation will allow remote attackers to view, add, modify or delete information in the back-end database.
Impact Level: Application.
Solution
Upgrade to eFront 3.6.2 build 6551 or later,
For updates refer to http://www.efrontlearning.net/
Insight
The flaw exists due to an error in 'ask_chat.php', which fails to properly sanitise input data passed via the 'chatrooms_ID' parameter.
Affected
eFront version 3.6.2 and prior.
References
Severity
Classification
-
CVE CVE-2010-1918 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities