cbcvebase.
CVE-2007-4338
published 2007-08-14

CVE-2007-4338: index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the…

PriorityP353critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
8.92%
94.6th percentile
index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter.

Affected

5 ranges
VendorProductVersion rangeFixed in
haudenschiltfamily_connections_cms<= 0.8
haudenschiltfamily_connections_cms
haudenschiltfamily_connections_cms
haudenschiltfamily_connections_cms
haudenschiltfamily_connections_cms
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.