CVE-2007-4338

index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:haudenschilt:family_connections_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:haudenschilt:family_connections_cms:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:haudenschilt:family_connections_cms:0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:haudenschilt:family_connections_cms:0.5:*:*:*:*:*:*:*
cpe:2.3:a:haudenschilt:family_connections_cms:0.6:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-08-14 18:17

Updated : 2024-02-04 17:13


NVD link : CVE-2007-4338

Mitre link : CVE-2007-4338

CVE.ORG link : CVE-2007-4338


JSON object : View

Products Affected

haudenschilt

  • family_connections_cms
CWE
CWE-264

Permissions, Privileges, and Access Controls