Unrestricted Access to eFiction Utility Scripts
CVE-2005-4174 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow remote attackers to conduct unauthorized operations by directly accessing (1) install.php or (2) upgrade.php. NOTE: it is unclear whether this is a vulnerability in eFiction itself or the result of incorrect system administration practices, e.g. by not removing utility scripts once they have been used.
Learn more about our Web Application Penetration Testing UK.