CVE-2008-2901

Name of the Vulnerable Software and Affected Versions Haudenschilt Family Connections CMS (FCMS) version 1.4

Description The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in the address parameter to "addressbook.php", the getnews parameter to "familynews.php", and the poll id parameter to "home.php" in a results action.

Recommendations For Haudenschilt Family Connections CMS (FCMS) version 1.4, consider restricting access to the vulnerable parameters address, getnews, and poll id in their respective API endpoints "addressbook.php", "familynews.php", and "home.php" until a patch is available. As a temporary workaround, avoid using these parameters in the affected endpoints to minimize the risk of exploitation.