CVE-2007-4338 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-4338
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-4338

Description: index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/35966 VIM http://www.attrition.org/pipermail/vim/2007-August/001762.html http://www.attrition.org/pipermail/vim/2007-August/001768.html SREASON http://securityreason.com/securityalert/3009 SAID Secunia Advisory: SA26421 OSVDB 39534 CONFIRM http://sourceforge.net/tracker/index.php?func=detail&aid=1778696&group_id=189733&atid=930513 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/476293/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/476142/100/0/threaded BID 25276

Return to the previous page.