Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and previous versions allow remote malicious users to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
haudenschilt family connections cms |