Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Family Connections Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2008-2901 - Vulnerability Database
Family Connections

Family Connections Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2008-2901

Medium
Reference: CVE-2008-2901
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2008-2901
Title: Family Connections Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.4 allow remote authenticated users to execute arbitrary SQL commands via the (1) address parameter to addressbook.php the (2) getnews parameter to familynews.php and the (3) poll_id parameter to home.php in a results action.