Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.

Remediation

References

CVE-2012-0699

Related Vulnerabilities

Phusion Passenger Other Vulnerability (CVE-2014-1831)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2097)

WordPress Plugin Kento Post View Counter Multiple Vulnerabilities (2.8)

MySQL Other Vulnerability (CVE-2000-0981)

Python Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-20907)

Severity

High

Classification

CVE-2012-0699 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities