EFront 'database.php' Remote File Inclusion Vulnerability Network Vulnerability

Summary

This host is running eFront and is prone to Remote File Inclusion vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary code on the vulnerable Web server. Impact level: Application.

Solution

Apply the patch from below link. http://svn.efrontlearning.net/repos/efront/trunc/libraries/database.php ***** NOTE: Please ignore this warning if the patch is already applied. *****

Insight

The flaw is due to improper validation of user supplied data and can be exploited via 'path' parameter in 'libraries/database.php' to include and execute remote files on the affected system.

Affected

eFront version 3.5.4 and prior.

References

http://forum.efrontlearning.net/viewtopic.php?f=1&t=1354&p=7174#p7174

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-3660
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
Apache Struts2 'XWork' Information Disclosure Vulnerability
Advanced Image Hosting Cross Site Scripting Vulnerability

eFront 'database.php' Remote File Inclusion Vulnerability

Take action and discover your vulnerabilities