vendor:
eFiction
by:
Unknown
N/A
CVSS
N/A
SQL Injection, Remote File Upload, Cross Site Scripting
Unknown
CWE
Product Name: eFiction
Affected Version From: 1
Affected Version To: 2
Patch Exists: Unknown
Related CWE: Unknown
CPE: efiction/titles.php?action=viewlist&let=<script>alert(document.cookie)</script>
Platforms Tested: Unknown
Unknown
eFiction Vulnerabilities
eFiction is prone to SQL injection, remote file upload, and cross site scripting vulnerabilities. These vulnerabilities may allow an attacker to view and modify sensitive information, gain unauthorized access, modify and corrupt the underlying database application, and obtain a victim's authentication credentials.
Mitigation:
Unknown