CVE-2007-4338

Name of the Vulnerable Software and Affected Versions Family Connections (FCMS) versions prior to 0.9

Description The issue allows remote attackers to access an arbitrary account by manipulating the fcms login id cookie. This can be further exploited for code execution by sending a POST request with PHP code in the content parameter.

Recommendations For versions prior to 0.9, consider restricting access to the index.php file until a patch is available. As a temporary workaround, avoid using the fcms login id cookie and restrict the content parameter in POST requests to prevent code execution.