Family Connections Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-5130)

Description

dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter.

Remediation

References

CVE-2011-5130

Related Vulnerabilities

Oracle Database Server CVE-2011-0785 Vulnerability (CVE-2011-0785)

Oracle JRE CVE-2014-0449 Vulnerability (CVE-2014-0449)

WordPress Plugin Global Content Blocks Cross-Site Request Forgery (2.1.5)

Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9514)

WordPress Plugin WP Fastest Cache Multiple Vulnerabilities (0.9.4)

Severity

Medium

Classification

CVE-2011-5130 CWE-94