7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.8 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
45.6%
Multiple SQL injection vulnerabilities in Family Connections (aka FCMS) before 1.8.2 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to addressbook.php, (2) id parameter to recipes.php, (3) year parameter to register.php, (4) poll_id parameter to home.php, and (5) email parameter to lostpw.php.
secunia.com/advisories/34503
sourceforge.net/project/shownotes.php?release_id=672266
sourceforge.net/tracker/?func=detail&aid=2722736&group_id=189733&atid=930513
www.exploit-db.com/exploits/8319
www.familycms.com/blog/2009/03/fcms-182-released/
www.securityfocus.com/archive/1/502272/100/0/threaded
www.securityfocus.com/bid/34297