Efiction Project Efiction vulnerabilities
7 known vulnerabilities affecting efiction_project/efiction.
Total CVEs: 7
CISA KEV: 0
Public exploits: 5
Exploited in wild: 0
Severity breakdown
HIGH: 4, MEDIUM: 3
Vulnerabilities
CVE-2005-4171 | P3 | HIGH | CVSS 7.5 | PoC | v1.1 | 2005-12-11
The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .php extension that contains a GIF header, which passes the image validity check but executes any PHP code within the file.
nvd
CVE-2005-4168 | P3 | HIGH | CVSS 7.5 | PoC | v1.0, v1.1 +1 more | 2005-12-11
Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the let parameter in a viewlist action to titles.php and (2) the username.
nvd
CVE-2005-4169 | P3 | HIGH | CVSS 7.5 | PoC | v1.0 | 2005-12-11
Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) let parameter in a viewlist action to authors.php and (2) sid parameter to viewstory.php.
nvd
CVE-2005-4170 | P3 | HIGH | CVSS 7.5 | PoC | v1.1 | 2005-12-11
SQL injection vulnerability in eFiction 1.1 allows remote attackers to execute arbitrary SQL commands via the uid parameter to viewuser.php.
nvd
CVE-2005-4167 | P4 | MEDIUM | CVSS 4.3 | PoC | v1.0, v1.1 | 2005-12-11
Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the let parameter in a viewlist action to titles.php.
nvd
CVE-2005-4173 | P4 | MEDIUM | CVSS 5.0 | v1.0, v1.1 +1 more | 2005-12-11
eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function.
nvd
CVE-2005-4172 | P4 | MEDIUM | CVSS 5.0 | v1.0, v1.1 +1 more | 2005-12-11
eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information via a direct request to storyblock.php without arguments, which leaks the full pathname in the resulting PHP error message.
nvd