CVE-2007-4338
Published: Aug 14, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| 3009 | third-party-advisory, x_refsource_SREASON |
| 20070813 Re: FCMS (Family Connections) <= 0.1.1 Remote Command Execution Exploit // www.MefistoLabs.com | mailing-list, x_refsource_BUGTRAQ |
| 20070811 FCMS (Family Connections) <= 0.1.1 Remote Command Execution Exploit // www.MefistoLabs.com | mailing-list, x_refsource_BUGTRAQ |
| 25276 | vdb-entry, x_refsource_BID |
| 26421 | third-party-advisory, x_refsource_SECUNIA |
| family-fcmsloginid-security-bypass(35966) | vdb-entry, x_refsource_XF |
| 20070814 uncertain: FCMS (Family Connections) code execution | mailing-list, x_refsource_VIM |
| 39534 | vdb-entry, x_refsource_OSVDB |
| 20070823 vendor ACK for CVE-2007-4338 (Familr Connections) | mailing-list, x_refsource_VIM |