2 matches found
CVE-2009-2010
Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) thread parameter to messageboard.php, (2) member parameter to profile.php, (3) pid parameter to gallery/index.php, and the (4)...
Design/Logic Flaw
index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcmsloginid cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter...