PT-2018-4045 · Fcms · Family Connections Cms

Ahmed Elhady Mohamed

Published

2018-01-11

Updated

2018-01-31

CVE-2012-0699

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Family Connections CMS (FCMS) versions 2.9 and earlier

Description The issue allows remote attackers to hijack the authentication of arbitrary users for requests. This can be done by exploiting cross-site request forgery (CSRF) vulnerabilities in two areas: adding news via the "add" action to "familynews.php" and adding a prayer via the "add" action to "prayers.php".

Recommendations For Family Connections CMS (FCMS) versions 2.9 and earlier, update to a version later than 2.9 to resolve the issue.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2012-0699

Affected Products

Family Connections Cms

PT-2018-4045 · Fcms · Family Connections Cms

CVE-2012-0699

Weakness Enumeration

Related Identifiers

Affected Products

References · 5