PT-2010-4809 · Haudenschilt · Haudenschilt Family Connections Cms

Lost.Hacker

Publicado

2010-09-16

Atualizado

2017-08-17

CVE-2010-3419

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Haudenschilt Family Connections CMS (FCMS) version 2.2.3

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the current user id parameter to specific API endpoints, such as "familynews.php" and "settings.php".

Recommendations For version 2.2.3, consider restricting access to the familynews.php and settings.php endpoints until a patch is available. Avoid using the current user id parameter in these endpoints to minimize the risk of exploitation.

Exploit

Correção

RCE

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2010-3419

Produtos afetados

Haudenschilt Family Connections Cms

PT-2010-4809 · Haudenschilt · Haudenschilt Family Connections Cms

CVE-2010-3419

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6