It indicates a possible exploit of SQL injection and cross site scripting vulnerabilities in eFiction software program. These vulnerabilities may allow an attacker to view and modify sensitive information, gain unauthorized access, modify and corrupt the underlying database application, and obtain authentication credentials of a victim.
efiction 2.0, efiction 1.1, and efiction 1.0
Information disclosure and Gain access.
The vendor has released patches to address these issues. Upgrades are available as well. Please see reference for more information.