This page aggregates publicly disclosed CVE and security risk information related to efiction_project, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2005-4173 | eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function. | [email protected] | 5.0 | 0.98% | 2005-12-11 | 2026-04-16 |
| CVE-2005-4172 | eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information via a direct request to storyblock.php without arguments, which leaks the full pathname in the resulting PHP error message. | [email protected] | 5.0 | 0.98% | 2005-12-11 | 2026-04-16 |
| CVE-2005-4171 | The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .php extension that contains a GIF header, which passes the image validity check but executes any PHP code within the file. | [email protected] | 7.5 | 7.80% | 2005-12-11 | 2026-04-16 |
| CVE-2005-4170 | SQL injection vulnerability in eFiction 1.1 allows remote attackers to execute arbitrary SQL commands via the uid parameter to viewuser.php. | [email protected] | 7.5 | 2.39% | 2005-12-11 | 2026-04-16 |
| CVE-2005-4169 | Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) let parameter in a viewlist action to authors.php and (2) sid parameter to viewstory.php. | [email protected] | 7.5 | 1.19% | 2005-12-11 | 2026-04-16 |
| CVE-2005-4168 | Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the let parameter in a viewlist action to titles.php and (2) the username. | [email protected] | 7.5 | 1.38% | 2005-12-11 | 2026-04-16 |
| CVE-2005-4167 | Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the let parameter in a viewlist action to titles.php. | [email protected] | 4.3 | 1.23% | 2005-12-11 | 2026-04-16 |