Vulnerabilities > Efiction
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-06-18 | CVE-2008-2754 | SQL Injection vulnerability in Efiction 3.0/3.4.3 SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the list parameter. | 6.8 |
| 2007-02-27 | CVE-2007-1118 | Remote File Include vulnerability in EFiction Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php. network efiction | 6.8 |
| 2006-08-29 | CVE-2006-4427 | Authentication Bypass vulnerability in eFiction index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to "1". | 5.1 |