Vulnerability Description
index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Haudenschilt | Family Connections Cms | <= 0.8 |
Related Weaknesses (CWE)
References
- http://osvdb.org/39534
- http://secunia.com/advisories/26421 (Vendor Advisory)
- http://securityreason.com/securityalert/3009
- http://sourceforge.net/tracker/index.php?func=detail&aid=1778696&group_id=189733
- http://www.attrition.org/pipermail/vim/2007-August/001762.html
- http://www.attrition.org/pipermail/vim/2007-August/001768.html
- http://www.securityfocus.com/archive/1/476142/100/0/threaded
- http://www.securityfocus.com/archive/1/476293/100/0/threaded
- http://www.securityfocus.com/bid/25276 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35966
FAQ
What is CVE-2007-4338?
CVE-2007-4338 is a vulnerability with a CVSS score of 10.0 (HIGH). index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE:...
How severe is CVE-2007-4338?
CVE-2007-4338 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4338?
Check the references section above for vendor advisories and patch information. Affected products include: Haudenschilt Family Connections Cms.