Описание
index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter.
index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-4338
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35966
- http://osvdb.org/39534
- http://secunia.com/advisories/26421
- http://securityreason.com/securityalert/3009
- http://sourceforge.net/tracker/index.php?func=detail&aid=1778696&group_id=189733&atid=930513
- http://www.attrition.org/pipermail/vim/2007-August/001762.html
- http://www.attrition.org/pipermail/vim/2007-August/001768.html
- http://www.securityfocus.com/archive/1/476142/100/0/threaded
- http://www.securityfocus.com/archive/1/476293/100/0/threaded
- http://www.securityfocus.com/bid/25276
EPSS
CVE ID
Связанные уязвимости
index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter.
EPSS