Summary
eFront is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.
eFront 3.5.5 and prior are vulnerable.
Solution
Updates are available to address this issue. Please see the references for more information.
References
Severity
Classification
- CVE: CVE-2010-1003
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
- 123 Flash Chat Multiple Security Vulnerabilities
- Apache Tomcat NIO Connector Denial of Service Vulnerability
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities