Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.4 allow remote authenticated users to execute arbitrary SQL commands via the (1) address parameter to addressbook.php, the (2) getnews parameter to familynews.php, and the (3) poll_id parameter to home.php in a results action.
References
Configurations
History
21 Nov 2024, 00:47
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/30680 - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/29722 - Exploit | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/43097 - | |
References | () https://www.exploit-db.com/exploits/5811 - |
Information
Published : 2008-06-30 18:24
Updated : 2024-11-21 00:47
NVD link : CVE-2008-2901
Mitre link : CVE-2008-2901
CVE.ORG link : CVE-2008-2901
JSON object : View
Products Affected
haudenschilt
- family_connections_cms
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')