Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.
Remediation
References
Related Vulnerabilities
PHP CVE-2009-3293 Vulnerability (CVE-2009-3293)
WebLogic CVE-2019-2395 Vulnerability (CVE-2019-2395)
WordPress Plugin EventCommerce WP Event Calendar Cross-Site Scripting (1.0)
Ruby Interpretation Conflict Vulnerability (CVE-2021-33621)
Drupal Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-6385)