Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.
References
Link | Resource |
---|---|
http://www.exploit-db.com/exploits/18667 | Exploit Third Party Advisory VDB Entry |
http://www.exploit-db.com/exploits/18667 | Exploit Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 01:35
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.exploit-db.com/exploits/18667 - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2018-01-11 20:29
Updated : 2024-11-21 01:35
NVD link : CVE-2012-0699
Mitre link : CVE-2012-0699
CVE.ORG link : CVE-2012-0699
JSON object : View
Products Affected
haudenschilt
- family_connections_cms
CWE
CWE-352
Cross-Site Request Forgery (CSRF)