index.php in Ryan Haudenschilt Family Connections (FCMS) prior to 0.9 allows remote malicious users to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
haudenschilt family connections cms 0.1.1 |
||
haudenschilt family connections cms 0.1.2 |
||
haudenschilt family connections cms 0.5 |
||
haudenschilt family connections cms 0.6 |
||
haudenschilt family connections cms |