SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the list parameter.
Max CVSS
6.8
EPSS Score
0.09%
Published
2008-06-18
Updated
2017-09-29
Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php.
Max CVSS
6.8
EPSS Score
11.14%
Published
2007-02-27
Updated
2017-10-11
2 vulnerabilities found