CVE-2007-4338

Severity

99%

Complexity

99%

Confidentiality

165%

index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter.

index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter.

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

Type

Haudenschilt Family Connections CMS (FCMS)

First reported 17 years ago

2007-08-14 18:17:00

Last updated 6 years ago

2018-10-15 21:34:00

Affected Software

Haudenschilt Family Connections CMS (FCMS) 0.1.1

0.1.1

Haudenschilt Family Connections CMS (FCMS) 0.1.2

0.1.2

Haudenschilt Family Connections CMS (FCMS) 0.5

0.5

Haudenschilt Family Connections CMS (FCMS) 0.6

0.6

References

39534

26421

Vendor Advisory

3009

http://sourceforge.net/tracker/index.php?func=detail&aid=1778696&group_id=189733&atid=930513

20070814 uncertain: FCMS (Family Connections) code execution

20070823 vendor ACK for CVE-2007-4338 (Familr Connections)

20070811 FCMS (Family Connections) <= 0.1.1 Remote Command Execution Exploit // www.MefistoLabs.com

20070813 Re: FCMS (Family Connections) <= 0.1.1 Remote Command Execution Exploit // www.MefistoLabs.com

25276

Exploit

family-fcmsloginid-security-bypass(35966)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.