header-logo
Suggest Exploit
vendor:
eFiction
by:
Unknown
N/A
CVSS
N/A
SQL Injection, Remote File Upload, Cross Site Scripting
Unknown
CWE
Product Name: eFiction
Affected Version From: 1
Affected Version To: 2
Patch Exists: Unknown
Related CWE: Unknown
CPE: efiction/titles.php?action=viewlist&let=<script>alert(document.cookie)</script>
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

eFiction Vulnerabilities

eFiction is prone to SQL injection, remote file upload, and cross site scripting vulnerabilities. These vulnerabilities may allow an attacker to view and modify sensitive information, gain unauthorized access, modify and corrupt the underlying database application, and obtain a victim's authentication credentials.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15568/info

eFiction is prone to SQL injection, remote file upload, and cross site scripting vulnerabilities.

These vulnerabilities may allow an attacker to view and modify sensitive information, gain unauthorized access, modify and corrupt the underlying database application, and obtain a victim's authentication credentials.

eFiction versions 1.0, 1.1 and 2.0 are reported to be vulnerable; other versions may also be affected. 

http://www.example.com/efiction/titles.php?action=viewlist&let=<script>alert(document.cookie)</script>