Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.4 allow remote authenticated users to execute arbitrary SQL commands via the (1) address parameter to addressbook.php, the (2) getnews parameter to familynews.php, and the (3) poll_id parameter to home.php in a results action.
References
Configurations
History
No history.
Information
Published : 2008-06-30 18:24
Updated : 2024-02-28 11:21
NVD link : CVE-2008-2901
Mitre link : CVE-2008-2901
CVE.ORG link : CVE-2008-2901
JSON object : View
Products Affected
haudenschilt
- family_connections_cms
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')