CVE-2006-4427

critical

Description

index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to "1".

References

https://www.exploit-db.com/exploits/2255

https://exchange.xforce.ibmcloud.com/vulnerabilities/28595

http://www.vupen.com/english/advisories/2006/3392

http://www.securityfocus.com/bid/19717

http://www.osvdb.org/28237

http://secunia.com/advisories/21625

http://efiction.org/forums/index.php?topic=3698

Details

Source: Mitre, NVD

Published: 2006-08-29

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.13338

Detections

Analytics