Published: 29/08/2006 Updated: 19/10/2017

CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9

VMScore: 515

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

index.php in eFiction prior to 2.0.7 allows remote malicious users to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to "1".

Vulnerable Product	Search on Vulmon	Subscribe to Product
efiction efiction 1.0
efiction efiction 1.1
efiction efiction 2.0
efiction efiction 2.0.6

########################################## # eFiction vulnerability ########################################## # I am releasing this to the public Vendor was notified Someone is also illegally defacing these websites under MY name, which is a shame because they ripped it from a private discussion on g00nsnet This proof of concept is not to be ...

NVD-CWE-Other http://efiction.org/forums/index.php?topic=3698 http://www.securityfocus.com/bid/19717 http://secunia.com/advisories/21625 http://www.osvdb.org/28237 http://www.vupen.com/english/advisories/2006/3392 https://exchange.xforce.ibmcloud.com/vulnerabilities/28595 https://www.exploit-db.com/exploits/2255 https://nvd.nist.gov https://www.exploit-db.com/exploits/2255/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-4427

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect