Description
dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Token Manager 'tid' Parameter Multiple Cross-Site Scripting Vulnerabilities (1.0.2)
WordPress Plugin Coupon Creator Cross-Site Request Forgery (3.1)
Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7872)
PostgreSQL Other Vulnerability (CVE-2005-0246)
WordPress Plugin Subscribe2 Unspecified Vulnerability (10.20.5)