Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published
CVE-2005-4170 | 7.5 | SQL injection vulnerability in eFiction 1.1 allows remote attackers to execute arbitrary SQL commands via the uid parameter to viewuser.php. | 20-07-2017 - 01:29 | 11-12-2005 - 21:03
CVE-2005-4169 | 7.5 | Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) let parameter in a viewlist action to authors.php and (2) sid parameter to viewstory.php. | 20-07-2017 - 01:29 | 11-12-2005 - 21:03
CVE-2005-4174 | 7.5 | eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow remote attackers to conduct unauthorized operations by directly accessing (1) install.php or (2) upgrade.php. NOTE: it is unclear whether this is a vulnerability in eFiction itself | 05-09-2008 - 20:56 | 11-12-2005 - 21:03
CVE-2005-4171 | 7.5 | The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .php extension that contains a GIF header, which passe | 05-09-2008 - 20:56 | 11-12-2005 - 21:03
CVE-2005-4172 | 5.0 | eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information via a direct request to storyblock.php without arguments, which leaks the full pathname in the resulting PHP error message. | 05-09-2008 - 20:56 | 11-12-2005 - 21:03
CVE-2005-4168 | 7.5 | Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the let parameter in a viewlist action to titles.php and (2) the username. | 05-09-2008 - 20:56 | 11-12-2005 - 21:03
CVE-2005-4173 | 5.0 | eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function. | 05-09-2008 - 20:56 | 11-12-2005 - 21:03