Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.

Remediation

References

CVE-2012-0699

Related Vulnerabilities

Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-12528)

phpMyAdmin Improper Input Validation Vulnerability (CVE-2011-0987)

WordPress Plugin Social Slider 'rA[]' Parameter SQL Injection (5.6.5)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28108)

WordPress Plugin Count per Day 'userperspan.php' Multiple Cross-Site Scripting Vulnerabilities (3.1.1)

Severity

High

Classification

CVE-2012-0699 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities