Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-5130

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2011-5130
Last Modified 07 Oct 2013 02:12:48
Published 30 Aug 2012 06:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-5130

Summary

dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter.

Vulnerable Systems

Application

  • Haudenschilt Family Connections Cms 2.5.0

  • Haudenschilt Family Connections Cms 2.5.1

  • Haudenschilt Family Connections Cms 2.5.2

  • Haudenschilt Family Connections Cms 2.5.3

  • Haudenschilt Family Connections Cms 2.5.4

  • Haudenschilt Family Connections Cms 2.6.0

  • Haudenschilt Family Connections Cms 2.7.0

  • Haudenschilt Family Connections Cms 2.7.1


References

CONFIRM - https://www.familycms.com/blog/2011/11/security-vulnerability-fcms-2-5-2-7-1/

XF - family-connections-less-command-exec(71618)

EXPLOIT-DB - 18208

EXPLOIT-DB - 18198

CONFIRM - http://sourceforge.net/apps/trac/fam-connections/ticket/407

SECUNIA - 47069

OSVDB - 77492


Last Updated: 27 May 2016 11:00:25