2 matches found
CVE-2006-4427
index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the 1 adminloggedin, 2 loggedin, and 3 level parameters to "1"...
CVE-2006-4427
Vulnerability summary (CVE-2006-4427) : In eFiction prior to version 2.0.7, remote attackers can bypass authentication and gain privileges by setting the parameters (adminloggedin, loggedin, level) to “1” in index.php. This constitutes a privilege-escalation flaw in the authentication logic. The ...