Efiction: Security Vulnerabilities
SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the list parameter.
CVSS Score
6.8
EPSS Score
0.002
Published
2008-06-18
Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php.
CVSS Score
6.8
EPSS Score
0.07
Published
2007-02-27
index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to "1".
CVSS Score
5.1
EPSS Score
0.138
Published
2006-08-29