Description
index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter.
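The flaw described above comes down to taking the account identity directly from a client-controlled cookie. The following is an added example, not FCMS source code and not the project's fix; the function names, the in-memory session store and the token format are assumptions. It contrasts that pattern with a server-side session lookup keyed by an unguessable token.

```php
<?php
// Added illustration; hypothetical code, not taken from FCMS.
const COOKIE = 'fcms_login_id';

// Pattern from the description: whatever the cookie says is the account.
function currentUserVulnerable(array $cookies): ?string {
    return $cookies[COOKIE] ?? null;
}

// Hardened: the cookie carries only a random token. The server stores a
// hash of the token and maps it to the account, so an account name in the
// cookie matches nothing.
function issueSession(array &$store, string $user, int $now, int $ttl = 3600): string {
    $token = bin2hex(random_bytes(32));            // 64 hex chars, 256 bits
    $store[hash('sha256', $token)] = ['user' => $user, 'exp' => $now + $ttl];
    return $token;                                  // value to set as the cookie
}

function currentUserHardened(array $store, array $cookies, int $now): ?string {
    $token = $cookies[COOKIE] ?? '';
    // Reject arrays and anything that is not token-shaped; worth logging.
    if (!is_string($token) || !preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;
    }
    $rec = $store[hash('sha256', $token)] ?? null;
    if ($rec === null || $rec['exp'] < $now) {
        return null;                                // unknown or expired session
    }
    return $rec['user'];
}

// Constructed demo data: one legitimate login and three request cookies.
$store = [];                                        // stand-in for a sessions table
$now   = time();
$token = issueSession($store, 'alice', $now);
$cases = [
    'account name in cookie' => [[COOKIE => 'admin'], $now],
    'valid session token'    => [[COOKIE => $token],  $now],
    'expired session token'  => [[COOKIE => $token],  $now + 7200],
];
foreach ($cases as $label => [$cookies, $at]) {
    printf("%-24s vulnerable=%s hardened=%s\n", $label,
        var_export(currentUserVulnerable($cookies), true),
        var_export(currentUserHardened($store, $cookies, $at), true));
}
```

Every state-changing handler, including the POST that accepts the content parameter, has to resolve the user through the hardened lookup before it processes any input.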