Description

dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter.

Remediation

References

CVE-2011-5130

Related Vulnerabilities

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-29907)

phpMyFAQ Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2023-4006)

SugarCRM Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-35810)

WordPress Plugin Embed Images in Comments Cross-Site Scripting (0.5)

WordPress Plugin Store Locator for WordPress with Google Maps-LotsOfLocales Cross-Site Request Forgery (3.98.7)

Severity

Medium

Classification

CVE-2011-5130 CWE-94

Tags

Missing Update Known Vulnerabilities