CVE-2009-2010
published 2009-06-08

Priority: P433, medium; 6.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 0.90% (55.2th percentile)
Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) thread parameter to messageboard.php, (2) member parameter to profile.php, (3) pid parameter to gallery/index.php, and the (4) fcms_login_id cookie parameter.

Affected

11 ranges
Vendor        Product                 Version range   Fixed in
g.rodola      pyftpdlib               >= 0 < 0.5.1    0.5.1
haudenschilt  family_connections_cms  <= 1.9
haudenschilt  family_connections_cms
haudenschilt  family_connections_cms
haudenschilt  family_connections_cms
haudenschilt  family_connections_cms
haudenschilt  family_connections_cms
haudenschilt  family_connections_cms
haudenschilt  family_connections_cms
haudenschilt  family_connections_cms
haudenschilt  family_connections_cms

CVSS provenance

nvd            v2.0  6.5  MEDIUM  AV:N/AC:L/Au:S/C:P/I:P/A:P
ghsa                 4.3  MEDIUM
vendor_cisco         7.8  HIGH
vendor_redhat        6.8  MEDIUM