CVE-2007-4338
CVE-2007-4338
index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/30488unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://osvdb.org/39534http://secunia.com/advisories/26421http://securityreason.com/securityalert/3009https://exchange.xforce.ibmcloud.com/vulnerabilities/35966http://sourceforge.net/tracker/index.php?func=detail&aid=1778696&group_id=189733&atid=930513http://www.attrition.org/pipermail/vim/2007-August/001762.htmlhttp://www.attrition.org/pipermail/vim/2007-August/001768.htmlhttp://www.securityfocus.com/archive/1/476142/100/0/threadedhttp://www.securityfocus.com/archive/1/476293/100/0/threadedhttp://www.securityfocus.com/bid/25276