Vulnerability Details : CVE-2005-4174
eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow remote attackers to conduct unauthorized operations by directly accessing (1) install.php or (2) upgrade.php. NOTE: it is unclear whether this is a vulnerability in eFiction itself or the result of incorrect system administration practices, e.g. by not removing utility scripts once they have been used.
Exploit prediction scoring system (EPSS) score for CVE-2005-4174
Probability of exploitation activity in the next 30 days: 9.42%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2005-4174
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2005-4174
-
http://rgod.altervista.org/efiction2_xpl.html
Exploit;Vendor Advisory
-
http://www.securityfocus.com/bid/15568
Exploit
-
http://securitytracker.com/id?1015273
Exploit
-
http://archives.neohapsis.com/archives/bugtraq/2005-11/0301.html
Exploit;Vendor Advisory
- http://www.efiction.wallflowergirl.com/forums/viewtopic.php?t=1555
-
http://securityreason.com/securityalert/206