Aggregates CVE and security vulnerability intelligence across all efiction-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk sql injection, with potential vendor impact data exposure across vendor surface software deployment and vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2008-2754 | SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the list parameter. | [email protected] | 6.8 | 0.48% | 2008-06-18 | 2026-04-23 |
| CVE-2007-1118 | Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php. | [email protected] | 6.8 | 11.12% | 2007-02-27 | 2026-04-23 |
| CVE-2006-4427 | index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to "1". | [email protected] | 5.1 | 9.65% | 2006-08-29 | 2026-04-16 |