HomePentest-Tools.com Logo

eFront ask_chat.php SQL Injection Vulnerability CVE-2010-1918

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

eFront is prone to an SQL injection (SQLi) vulnerability.

Risk description

The flaw exists due to an error in ask_chat.php, which fails to properly sanitise input data passed via the chatrooms_ID parameter. Successful exploitation will allow remote attackers to view, add, modify or delete information in the back-end database.

Recommendation

Upgrade to eFront 3.6.2 build 6551 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
May 12, 2010
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available