Description
Multiple PHP remote file inclusion vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the current_user_id parameter to (1) familynews.php and (2) settings.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Theme Blvd Widget Areas Multiple Security Bypass Vulnerabilities (1.2.2)
WordPress Plugin Yandex.News Feed by Teplitsa Cross-Site Scripting (1.12.5)
WordPress Plugin Contact Form 7 Database Addon-CFDB7 CSV Injection (1.2.5.5)
Wordpress Plugin Backup Migration CVE-2023-6271 Vulnerability (CVE-2023-6271)
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2021-23841)