Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Family Connections Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-2010)

Description

Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) thread parameter to messageboard.php, (2) member parameter to profile.php, (3) pid parameter to gallery/index.php, and the (4) fcms_login_id cookie parameter.

Remediation

References

Related Vulnerabilities

ZenCart Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-0697)

Liferay Portal Missing Authorization Vulnerability (CVE-2025-43788)

Django Improper Output Neutralization for Logs Vulnerability (CVE-2025-48432)

WordPress Plugin CM Ad Changer Multiple Cross-Site Scripting Vulnerabilities (1.7.2)

WordPress Plugin MainWP Child-Securely connects sites to the MainWP WordPress Manager Dashboard Unspecified Vulnerability (2.0.27)

Severity

Medium

Classification

CVE-2009-2010 CWE-138

Tags

Missing Update Known Vulnerabilities