index.php in eFiction prior to 2.0.7 allows remote malicious users to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to "1".
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
efiction efiction 1.0 |
||
efiction efiction 1.1 |
||
efiction efiction 2.0 |
||
efiction efiction 2.0.6 |