Description

dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter.

Remediation

References

CVE-2011-5130

Related Vulnerabilities

WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.5)

WordPress Plugin Community Events 'id' Parameter SQL Injection (1.2.2)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42044)

WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan Security Bypass (8.9)

Liferay Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-28884)

Severity

Medium

Classification

CVE-2011-5130 CWE-94

Tags

Missing Update Known Vulnerabilities