source: https://www.securityfocus.com/bid/15568/info
eFiction is prone to SQL injection, remote file upload, and cross-site scripting vulnerabilities.
These vulnerabilities may allow an attacker to view and modify sensitive information, gain unauthorized access, modify and corrupt the underlying database application, and obtain a victim's authentication credentials.
eFiction versions 1.0, 1.1 and 2.0 are reported to be vulnerable; other versions may also be affected.
http://www.example.com/efiction/titles.php?action=viewlist&let=<script>alert(document.cookie)</script>