Efiction Security Vulnerabilities and Issues — Efiction CVE List

Lucene search

Efiction ProjectEfiction

4 matches found

CVE•added 2005/12/11 9:3 p.m.•40 views

CVE-2005-4171

The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .php extension that contains a GIF header, which passes the image validity check but executes any PHP c...

7.5CVSS7.7AI score0.07795EPSS

CVE•added 2005/12/11 9:3 p.m.•36 views

CVE-2005-4168

Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the let parameter in a viewlist action to titles.php and (2) the username.

7.5CVSS8.5AI score0.0138EPSS

CVE•added 2005/12/11 9:3 p.m.•35 views

CVE-2005-4169

Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) let parameter in a viewlist action to authors.php and (2) sid parameter to viewstory.php.

7.5CVSS8.5AI score0.01185EPSS

CVE•added 2005/12/11 9:3 p.m.•32 views

CVE-2005-4170

SQL injection vulnerability in eFiction 1.1 allows remote attackers to execute arbitrary SQL commands via the uid parameter to viewuser.php.

7.5CVSS8.4AI score0.02394EPSS