CVE-2006-4427 Information

Description

index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin (2) loggedin and (3) level parameters to \1.

Reference

http://efiction.org/forums/index.php?topic=3698 http://secunia.com/advisories/21625 http://www.osvdb.org/28237 http://www.securityfocus.com/bid/19717 http://www.vupen.com/english/advisories/2006/3392 https://exchange.xforce.ibmcloud.com/vulnerabilities/28595 https://www.exploit-db.com/exploits/2255