Test ID:	1.3.6.1.4.1.25623.1.0.800778
Category:	Web application abuses
Title:	eFront 'ask_chat.php' SQL Injection Vulnerability
Summary:	Check through the exploit string on eFront
Description:	Overview: This host is running eFront and is prone to SQL injection vulnerability. Vulnerability Insight: The flaw exists due to an error in 'ask_chat.php', which fails to properly sanitise input data passed via the 'chatrooms_ID' parameter. Impact: Successful exploitation will allow remote attackers to to view, add, modify or delete information in the back-end database. Impact Level: Application. Affected Software: eFront version 3.6.2 and prior. Fix: No solution or patch is available as of 18th May, 2010. Information regarding this issue will be updated once the solution details are available. For updates refer to http://www.efrontlearning.net/ References: http://secunia.com/advisories/39728 http://www.vupen.com/english/advisories/2010/1101 http://packetstormsecurity.org/1005-exploits/MOPS-2010-018.pdf
Cross-Ref:	BugTraq ID: 40032 Common Vulnerability Exposure (CVE) ID: CVE-2010-1918 http://packetstormsecurity.org/1005-exploits/MOPS-2010-018.pdf http://www.php-security.org/2010/05/09/mops-2010-018-efront-ask_chat-chatrooms_id-sql-injection-vulnerability/index.html http://www.securityfocus.com/bid/40032 http://osvdb.org/64506 http://secunia.com/advisories/39728 http://www.vupen.com/english/advisories/2010/1101
Copyright	Copyright (c) 2010 Greenbone Networks GmbH

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: