PT-2010-4809 · Haudenschilt · Haudenschilt Family Connections Cms

Lost.Hacker

Published

2010-09-16

Updated

2017-08-17

CVE-2010-3419

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Haudenschilt Family Connections CMS (FCMS) version 2.2.3

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the current user id parameter to specific API endpoints, such as "familynews.php" and "settings.php".

Recommendations For version 2.2.3, consider restricting access to the familynews.php and settings.php endpoints until a patch is available. Avoid using the current user id parameter in these endpoints to minimize the risk of exploitation.

Exploit

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2010-3419

Affected Products

Haudenschilt Family Connections Cms

PT-2010-4809 · Haudenschilt · Haudenschilt Family Connections Cms

CVE-2010-3419

Weakness Enumeration

Related Identifiers

Affected Products

References · 6