EFront 3.6.10 Multiple Security Vulnerabilities Network Vulnerability

Summary

eFront is prone to multiple security vulnerabilities, including: 1. A remote code injection vulnerability 2. Multiple SQL injection vulnerabilities 3. An authentication bypass and privilege escalation vulnerability 4. A remote code execution vulnerability 5. A file upload vulnerability Attackers can exploit these issues to bypass certain security restrictions, insert arbitrary code, obtain sensitive information, execute arbitrary code, modify the logic of SQL queries, and upload arbitrary code. Other attacks may also be possible. eFront 3.6.10 is vulnerable prior versions may also be affected.

Solution

Updates are available. Please see the references for more information.

References

http://bugs.efrontlearning.net/browse/EF-675
http://www.efrontlearning.net/
http://www.securityfocus.com/bid/50391

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe ColdFusion Components (CFC) Denial Of Service Vulnerability
Artifectx xClassified 'catid' SQL Injection Vulnerability
Athena Web Registration remote command execution flaw
ASAS Server End User Self Service (EUSS) SQL Injection Vulnerability
AjaxPortal 'di.php' File Inclusion Vulnerability

eFront 3.6.10 Multiple Security Vulnerabilities

Take action and discover your vulnerabilities