Haudenschilt: >> Family Connections Cms >> 2.5.0 Security Vulnerabilities
Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.
CVSS Score
8.8
EPSS Score
0.005
Published
2018-01-11
dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter.
CVSS Score
6.8
EPSS Score
0.745
Published
2012-08-30