eFront 3.6.10 Multiple Security Vulnerabilities

eFront is prone to multiple security vulnerabilities, including:

1. A remote code injection vulnerability
2. Multiple SQL injection vulnerabilities
3. An authentication bypass and privilege escalation vulnerability
4. A remote code execution vulnerability
5. A file upload vulnerability

Attackers can exploit these issues to bypass certain security restrictions, insert arbitrary code, obtain sensitive information, execute arbitrary code, modify the logic of SQL queries, and upload arbitrary code. Other attacks may also be possible.

eFront 3.6.10 is vulnerable; prior versions may also be affected.


 

Copyright 2010, SecurityFocus