Unrestricted Access to eFiction Utility Scripts

Unrestricted Access to eFiction Utility Scripts

CVE-2005-4174 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow remote attackers to conduct unauthorized operations by directly accessing (1) install.php or (2) upgrade.php. NOTE: it is unclear whether this is a vulnerability in eFiction itself or the result of incorrect system administration practices, e.g. by not removing utility scripts once they have been used.

Learn more about our Web Application Penetration Testing UK.