Web application abuses : eFront 3.6.10 Multiple Security Vulnerabilities

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.103316

Category: Web application abuses

Title: eFront 3.6.10 Multiple Security Vulnerabilities

Summary: eFront is prone to multiple security vulnerabilities, including:;; - A remote code injection vulnerability;; - Multiple SQL injection vulnerabilities;; - An authentication bypass and privilege escalation vulnerability;; - A remote code execution vulnerability;; - A file upload vulnerability

Description: Summary:
eFront is prone to multiple security vulnerabilities, including:

- A remote code injection vulnerability

- Multiple SQL injection vulnerabilities

- An authentication bypass and privilege escalation vulnerability

- A remote code execution vulnerability

- A file upload vulnerability

Vulnerability Impact:
Attackers can exploit these issues to bypass certain security
restrictions, insert arbitrary code, obtain sensitive information, execute arbitrary code,
modify the logic of SQL queries, and upload arbitrary code. Other attacks may also be possible.

Affected Software/OS:
eFront 3.6.10 is vulnerable. Prior versions may also be affected.

Solution:
Updates are available. Please see the references for more information.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Copyright Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.103316
Category:	Web application abuses
Title:	eFront 3.6.10 Multiple Security Vulnerabilities
Summary:	eFront is prone to multiple security vulnerabilities, including:;; - A remote code injection vulnerability;; - Multiple SQL injection vulnerabilities;; - An authentication bypass and privilege escalation vulnerability;; - A remote code execution vulnerability;; - A file upload vulnerability
Description:	Summary: eFront is prone to multiple security vulnerabilities, including: - A remote code injection vulnerability - Multiple SQL injection vulnerabilities - An authentication bypass and privilege escalation vulnerability - A remote code execution vulnerability - A file upload vulnerability Vulnerability Impact: Attackers can exploit these issues to bypass certain security restrictions, insert arbitrary code, obtain sensitive information, execute arbitrary code, modify the logic of SQL queries, and upload arbitrary code. Other attacks may also be possible. Affected Software/OS: eFront 3.6.10 is vulnerable. Prior versions may also be affected. Solution: Updates are available. Please see the references for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Copyright	Copyright (C) 2011 Greenbone AG