|Category:||Web application abuses|
|Title:||eFront 'ask_chat.php' SQL Injection Vulnerability|
|Summary:||Check through the exploit string on eFront|
Overview: This host is running eFront and is prone to SQL injection.
The flaw exists due to an error in 'ask_chat.php', which fails to properly
sanitise input data passed via the 'chatrooms_ID' parameter.
Successful exploitation will allow remote attackers to view, add, modify or
delete information in the back-end database.
Impact Level: Application.
Affected versions: eFront version 3.6.2 and prior.
Fix: No solution or patch is available as of 18th May, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.efrontlearning.net/
BugTraq ID: 40032
Common Vulnerability Exposure (CVE) ID: CVE-2010-1918
|Copyright||Copyright (c) 2010 Greenbone Networks GmbH|