Description

Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) thread parameter to messageboard.php, (2) member parameter to profile.php, (3) pid parameter to gallery/index.php, and the (4) fcms_login_id cookie parameter.

Remediation

References

CVE-2009-2010

Related Vulnerabilities

WordPress Plugin Portfolio by BestWebSoft Multiple Cross-Site Scripting Vulnerabilities (2.27)

WordPress Plugin Delete All Comments Arbitrary File Upload (2.0)

Ruby on Rails Improper Input Validation Vulnerability (CVE-2011-2929)

Ruby Improper Authentication Vulnerability (CVE-2008-3905)

Phusion Passenger Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2018-12026)

Severity

Medium

Classification

CVE-2009-2010 CWE-138

Tags

Missing Update Known Vulnerabilities