virus logo Intrusion Prevention

eFront.Multiple.Parameters.XSS.And.SQL.Injection

description-logoDescription

This indicates an attack attempt to exploit a SQL Injection vulnerability or a Cross Site Scripting vulnerability in eFront.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. As a result, a remote attacker can send a crafted query to execute SQL commands on a vulnerable server or execute arbitrary script code within the context of the browser.

affected-products-logoAffected Products

eFront 3.6.10 build 11944

Impact logoImpact

System Compromise: Remote attackers can execute arbitrary script code within the context of the target user's browser.

recomended-action-logoRecommended Actions

Upgrade to the latest version available from the website.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)
ID 30818
Created Jan 26, 2012
Updated Nov 15, 2021
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Default Action drop
Active
Affected OS Windows, Linux, BSD, Solaris, MacOS
Affected App PHP_app