vendor:
eFiction
by:
Unknown
7.5
CVSS
HIGH
SQL Injection, Remote File Upload, Cross Site Scripting
89
CWE
Product Name: eFiction
Affected Version From: 1
Affected Version To: 2
Patch Exists: NO
Related CWE:
CPE: a:efiction:efiction:1.0cpe:/a:efiction:efiction:1.1cpe:/a:efiction:efiction:2.0
Platforms Tested:
2005
eFiction Multiple Vulnerabilities
eFiction is prone to SQL injection, remote file upload, and cross site scripting vulnerabilities. These vulnerabilities may allow an attacker to view and modify sensitive information, gain unauthorized access, modify and corrupt the underlying database application, and obtain a victim's authentication credentials.
Mitigation:
Apply patches or updates from the vendor.