2 matches found
CVE-2010-1003
CVE-2010-1003 concerns a local file inclusion vulnerability in eFront up to version 3.5.5, caused by improper sanitization of the langname parameter in the language.php script, enabling directory traversal via .. to include and potentially execute arbitrary local PHP files. Multiple sources (NVD ...
CVE-2010-1918
CVE-2010-1918 affects eFront (versions up to 3.6.2 and earlier). The vulnerability is an SQL injection in the web application’s ask_chat.php, exploitable via the chatrooms_ID parameter. This allows remote attackers to execute arbitrary SQL commands on the backend. The published metrics assign a C...