Back to search
CVE-2009-2010
Published: Jun 8, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) thread parameter to messageboard.php, (2) member parameter to profile.php, (3) pid parameter to gallery/index.php, and the (4) fcms_login_id cookie parameter.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
35039
third-party-advisory
x_refsource_SECUNIA
34935
vdb-entry
x_refsource_BID
8671
exploit
x_refsource_EXPLOIT-DB
20090513 (GET var 'member') BLIND SQL INJECTION EXPLOIT --FAMILY CONNECTIONS <= v1.9 -->
mailing-list
x_refsource_BUGTRAQ
ADV-2009-1306
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now