Lucene search

[email protected]CVE-2007-4338

HistoryAug 14, 2007 - 6:17 p.m.

CVE-2007-4338

2007-08-1418:17:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2007-4338

remote code execution

fcms

php

security vulnerability

nvd

7.3 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.421 Medium

EPSS

Percentile

97.3%

JSON

index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account’s name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter.

Affected configurations

NVD

Node

haudenschiltfamily_connections_cmsRange≤0.8

haudenschiltfamily_connections_cmsMatch0.1.1

haudenschiltfamily_connections_cmsMatch0.1.2

haudenschiltfamily_connections_cmsMatch0.5

haudenschiltfamily_connections_cmsMatch0.6

CPENameOperatorVersion
haudenschilt:family_connections_cmshaudenschilt family connections cmsle0.8
haudenschilt:family_connections_cmshaudenschilt family connections cmseq0.1.1
haudenschilt:family_connections_cmshaudenschilt family connections cmseq0.1.2
haudenschilt:family_connections_cmshaudenschilt family connections cmseq0.5
haudenschilt:family_connections_cmshaudenschilt family connections cmseq0.6

CPE	Name	Operator	Version
haudenschilt:family_connections_cms	haudenschilt family connections cms	le	0.8
haudenschilt:family_connections_cms	haudenschilt family connections cms	eq	0.1.1
haudenschilt:family_connections_cms	haudenschilt family connections cms	eq	0.1.2
haudenschilt:family_connections_cms	haudenschilt family connections cms	eq	0.5
haudenschilt:family_connections_cms	haudenschilt family connections cms	eq	0.6

References

osvdb.org/39534

secunia.com/advisories/26421

securityreason.com/securityalert/3009

sourceforge.net/tracker/index.php?func=detail&aid=1778696&group_id=189733&atid=930513

www.attrition.org/pipermail/vim/2007-August/001762.html

www.attrition.org/pipermail/vim/2007-August/001768.html

www.securityfocus.com/archive/1/476142/100/0/threaded

www.securityfocus.com/archive/1/476293/100/0/threaded

www.securityfocus.com/bid/25276

exchange.xforce.ibmcloud.com/vulnerabilities/35966

7.3 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.421 Medium

EPSS

Percentile

97.3%

JSON

Related for CVE-2007-4338

prion1 nvd1 cvelist1