Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Family Connections Permissions Privileges and Access Controls Vulnerability - CVE-2007-4338 - Vulnerability Database
Family Connections

Family Connections Permissions Privileges and Access Controls Vulnerability - CVE-2007-4338

Critical
Reference: CVE-2007-4338
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2007-4338
Title: Family Connections Permissions Privileges and Access Controls Vulnerability
Overview:

index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account39s name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter.