Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2007-4338
Last Modified: 29 Dec 2010 12:00:00
Published: 14 Aug 2007 02:17:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-4338

Summary

index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter.

Vulnerable Systems

Application

  • Haudenschilt Family Connections Cms 0.1.1

  • Haudenschilt Family Connections Cms 0.1.2

  • Haudenschilt Family Connections Cms 0.5

  • Haudenschilt Family Connections Cms 0.6

  • Haudenschilt Family Connections Cms 0.8


References

XF - family-fcmsloginid-security-bypass(35966)

BID - 25276

BUGTRAQ - 20070813 Re: FCMS (Family Connections) <= 0.1.1 Remote Command Execution Exploit // www.MefistoLabs.com

BUGTRAQ - 20070811 FCMS (Family Connections) <= 0.1.1 Remote Command Execution Exploit // www.MefistoLabs.com

VIM - 20070823 vendor ACK for CVE-2007-4338 (Familr Connections)

VIM - 20070814 uncertain: FCMS (Family Connections) code execution

CONFIRM - http://sourceforge.net/tracker/index.php?func=detail&aid=1778696&group_id=189733&atid=930513

SREASON - 3009

SECUNIA - 26421

OSVDB - 39534


Last Updated: 27 May 2016 10:45:50