Web application abuses : eFront 'database.php' Remote File Inclusion Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.901045

Categoría: Web application abuses

Título: eFront 'database.php' Remote File Inclusion Vulnerability

Resumen: eFront is prone to a remote file inclusion vulnerability.

Descripción: Summary:
eFront is prone to a remote file inclusion vulnerability.

Vulnerability Insight:
The flaw is due to improper validation of user supplied data and can be
exploited via 'path' parameter in 'libraries/database.php' to include and
execute remote files on the affected system.

Vulnerability Impact:
Successful exploitation will allow attacker to execute arbitrary code on the
vulnerable Web server.

Affected Software/OS:
eFront version 3.5.4 and prior.

Solution:
Apply the patch from the referenced link.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-3660
BugTraq ID: 36411
http://www.securityfocus.com/bid/36411
http://www.exploit-db.com/exploits/9681

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.901045
Categoría:	Web application abuses
Título:	eFront 'database.php' Remote File Inclusion Vulnerability
Resumen:	eFront is prone to a remote file inclusion vulnerability.
Descripción:	Summary: eFront is prone to a remote file inclusion vulnerability. Vulnerability Insight: The flaw is due to improper validation of user supplied data and can be exploited via 'path' parameter in 'libraries/database.php' to include and execute remote files on the affected system. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary code on the vulnerable Web server. Affected Software/OS: eFront version 3.5.4 and prior. Solution: Apply the patch from the referenced link. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3660 BugTraq ID: 36411 http://www.securityfocus.com/bid/36411 http://www.exploit-db.com/exploits/9681
Copyright	Copyright (C) 2009 Greenbone AG