PT-2007-5523 · Unknown · Family Connections Cms

Published

2007-08-14

Updated

2018-10-15

CVE-2007-4338

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Family Connections (FCMS) versions prior to 0.9

Description The issue allows remote attackers to access an arbitrary account by manipulating the fcms login id cookie. This can be further exploited for code execution by sending a POST request with PHP code in the content parameter.

Recommendations For versions prior to 0.9, consider restricting access to the index.php file until a patch is available. As a temporary workaround, avoid using the fcms login id cookie and restrict the content parameter in POST requests to prevent code execution.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2007-4338

Affected Products

Family Connections Cms

PT-2007-5523 · Unknown · Family Connections Cms

CVE-2007-4338

Weakness Enumeration

Related Identifiers

Affected Products

References · 13