CVE-2009-3660

Name of the Vulnerable Software and Affected Versions Efront versions 3.5.4 and earlier

Description A remote file inclusion issue exists in the libraries/database.php file of Efront, allowing remote attackers to execute arbitrary PHP code via a URL in the path parameter when register globals is enabled. This issue is only present when the administrator does not follow the product's security documentation recommendations.

Recommendations For Efront versions 3.5.4 and earlier, ensure that register globals is disabled to prevent exploitation of this issue. As a temporary workaround, consider restricting access to the libraries/database.php file until a fix is available.