eFront <= 3.6.10 (save_template.php) PHP Code Injection Vulnerability

Description:

eFront contains a flaw that allows a remote attacker to inject and execute arbitrary PHP code. The issue is due to the www/editor/tiny_mce/plugins/save_template/save_template.php script, which fails to properly sanitize user-supplied input passed via the ‘templateName’ and ‘templateContent’ parameters before using it in a call to the PHP file_put_contents() function.
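As an added illustration that is not part of the advisory or eFront's code, the following shows the unsafe pattern the description refers to next to a hardened handler; the function name, template directory and the fixed .html extension are assumptions.

```php
<?php
// Added example, not eFront's code. Hypothetical hardened handler for the
// pattern the advisory describes: user-controlled file name and content
// reaching file_put_contents(). Directory and function names are assumptions.

// Vulnerable pattern (as described in the advisory):
//   file_put_contents($_POST['templateName'], $_POST['templateContent']);
// The request picks both the path (including the extension) and the bytes
// written, which is why the advisory rates this as PHP code execution.

declare(strict_types=1);

// Templates live in a dedicated directory; the web server should be configured
// not to execute scripts from it (or it should sit outside the document root).
const TEMPLATE_DIR = __DIR__ . '/templates';

function saveTemplate(string $name, string $content): string
{
    // 1. Whitelist the name: letters, digits, '_' and '-' only. This rules out
    //    directory separators, '..', NUL bytes and any caller-chosen extension.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) !== 1) {
        throw new InvalidArgumentException('invalid template name');
    }

    // 2. The extension is fixed by the server, never by the request.
    $path = TEMPLATE_DIR . DIRECTORY_SEPARATOR . $name . '.html';

    // 3. Defence in depth: confirm the resolved parent is the template directory.
    $base = realpath(TEMPLATE_DIR);
    if ($base === false || realpath(dirname($path)) !== $base) {
        throw new RuntimeException('template directory missing or path escapes it');
    }

    // 4. Bound the payload size so the endpoint cannot be used to fill the disk.
    if (strlen($content) > 65536) {
        throw new InvalidArgumentException('template too large');
    }

    if (file_put_contents($path, $content, LOCK_EX) === false) {
        throw new RuntimeException('write failed');
    }
    return $path;
}

// Only authenticated, authorised users should reach this point; the session
// and CSRF-token checks belong in front of this call and are omitted here.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    saveTemplate((string)($_POST['templateName'] ?? ''),
                 (string)($_POST['templateContent'] ?? ''));
    echo 'saved';
}
```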

References:

Disclosure Date:

October 27, 2011