PT-2018-4045 · Fcms · Family Connections Cms

Ahmed Elhady Mohamed

Publicado

2018-01-11

Atualizado

2018-01-31

CVE-2012-0699

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Family Connections CMS (FCMS) versions 2.9 and earlier

Description The issue allows remote attackers to hijack the authentication of arbitrary users for requests. This can be done by exploiting cross-site request forgery (CSRF) vulnerabilities in two areas: adding news via the "add" action to "familynews.php" and adding a prayer via the "add" action to "prayers.php".

Recommendations For Family Connections CMS (FCMS) versions 2.9 and earlier, update to a version later than 2.9 to resolve the issue.

Exploit

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2012-0699

Produtos afetados

Family Connections Cms

PT-2018-4045 · Fcms · Family Connections Cms

CVE-2012-0699

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5