History: Aug 14, 2007 - 6:17 p.m.

CVE-2007-4338

2007-08-14 18:17:00
CWE-264
web.nvd.nist.gov
17
cve-2007-4338
remote code execution
fcms
php
security vulnerability
nvd

AI Score: 7.3 High (Confidence: High)

CVSS2: 10 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.421 Medium (Percentile: 97.3%)

index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account’s name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter.

Affected configurations

NVD
Node
haudenschilt family_connections_cms Range 0.8
OR
haudenschilt family_connections_cms Match 0.1.1
OR
haudenschilt family_connections_cms Match 0.1.2
OR
haudenschilt family_connections_cms Match 0.5
OR
haudenschilt family_connections_cms Match 0.6
