EFront 'langname' Parameter Local File Include Vulnerability Network Vulnerability

Summary

eFront is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer other attacks are also possible. eFront 3.5.5 and prior are vulnerable.

Solution

Updates are available to address this issue. Please see the references for more information.

References

http://forum.efrontlearning.net/viewtopic.php?f=15&t=1945.
http://www.coresecurity.com/content/efront-php-file-inclusion
http://www.efrontlearning.net/
http://www.securityfocus.com/archive/1/510155
http://www.securityfocus.com/bid/38787

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1003
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
123 Flash Chat Multiple Security Vulnerabilities
Apache Tomcat NIO Connector Denial of Service Vulnerability
APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities

eFront 'langname' Parameter Local File Include Vulnerability

Take action and discover your vulnerabilities