CyberSec.Space Logo
CVEブラウザに戻る

CVE-2007-4338

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1980%
EPSS Percentile34.22th
Published2007年8月14日
Last Modified2026年4月23日

Vulnerability Description

index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter.

Affected Platforms (CPE)

📦
Haudenschilt

Family Connections Cms

<= 0.8
📦
Haudenschilt

Family Connections Cms

= 0.1.1
📦
Haudenschilt

Family Connections Cms

= 0.1.2
📦
Haudenschilt

Family Connections Cms

= 0.5
📦
Haudenschilt

Family Connections Cms

= 0.6

References & Advisories

🔗 http://osvdb.org/39534
🔗 http://secunia.com/advisories/26421
🔗 http://securityreason.com/securityalert/3009
🔗 http://sourceforge.net/tracker/index.php?func=detail&aid=1778696&group_id=189733&atid=930513
🔗 http://www.attrition.org/pipermail/vim/2007-August/001762.html
🔗 http://www.attrition.org/pipermail/vim/2007-August/001768.html
🔗 http://www.securityfocus.com/archive/1/476142/100/0/threaded
🔗 http://www.securityfocus.com/archive/1/476293/100/0/threaded

関連する脆弱性情報

CVE-2012-06998.8

Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attac...

CVE-2010-34197.5

Multiple PHP remote file inclusion vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 2.2.3 allow remote attackers to e...

CVE-2011-51306.8

dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute ...

CVE-2008-29016.5

Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.4 allow remote authenticated users to execu...