Sign in
CVE-2009-4791
CVE-2009-4791
Description
Multiple SQL injection vulnerabilities in Family Connections (aka FCMS) before 1.8.2 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to addressbook.php, (2) id parameter to recipes.php, (3) year parameter to register.php, (4) poll_id parameter to home.php, and (5) email parameter to lostpw.php.
Impact
CVSS v2 : 7.5 HIGH
Type
CWE-89
Attack Vector
CVSSv2 Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P
Quick links
CVE
,
NVD
,
CERT
,
Metasploit
,
Exploit-db
,
Fulldisc
,
Bugtraq
,
Microsoft
,
Red Hat
,
Debian
, GitHub
code
/
issues
,
Google
References
http://secunia.com/advisories/34503
http://sourceforge.net/project/shownotes.php?release_id=672266
http://sourceforge.net/tracker/?func=detail&aid=2722736&group_id=189733&atid=930513
http://www.exploit-db.com/exploits/8319
http://www.familycms.com/blog/2009/03/fcms-182-released/
http://www.securityfocus.com/archive/1/502272/100/0/threaded
http://www.securityfocus.com/bid/34297
FAQ
Terms of service
Privacy policy
