CyberSec.Space Logo
Back to CVE Browser

CVE-2007-4338

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1980%
EPSS Percentile34.22th
PublishedAug 14, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter.

Affected Platforms (CPE)

πŸ“¦
Haudenschilt

Family Connections Cms

<= 0.8
πŸ“¦
Haudenschilt

Family Connections Cms

= 0.1.1
πŸ“¦
Haudenschilt

Family Connections Cms

= 0.1.2
πŸ“¦
Haudenschilt

Family Connections Cms

= 0.5
πŸ“¦
Haudenschilt

Family Connections Cms

= 0.6

References & Advisories

πŸ”— http://osvdb.org/39534
πŸ”— http://secunia.com/advisories/26421
πŸ”— http://securityreason.com/securityalert/3009
πŸ”— http://sourceforge.net/tracker/index.php?func=detail&aid=1778696&group_id=189733&atid=930513
πŸ”— http://www.attrition.org/pipermail/vim/2007-August/001762.html
πŸ”— http://www.attrition.org/pipermail/vim/2007-August/001768.html
πŸ”— http://www.securityfocus.com/archive/1/476142/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/476293/100/0/threaded

Related Vulnerabilities

CVE-2012-06998.8

Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attac...

CVE-2010-34197.5

Multiple PHP remote file inclusion vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 2.2.3 allow remote attackers to e...

CVE-2011-51306.8

dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute ...

CVE-2008-29016.5

Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.4 allow remote authenticated users to execu...