CVE-2009-2010

Published: Jun 8, 2009Modified: Apr 23, 2026

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability: 8.0 / Impact: 6.4

Source: NVD

Description

Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) thread parameter to messageboard.php, (2) member parameter to profile.php, (3) pid parameter to gallery/index.php, and the (4) fcms_login_id cookie parameter.

Affected (10)

Products: Haudenschilt: Family Connections Cms

1 product

Family Connections Cms

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Haudenschilt Family Connections Cms	Up to 1.9
Haudenschilt Family Connections Cms	Version 0.1.1
Haudenschilt Family Connections Cms	Version 0.1.2
Haudenschilt Family Connections Cms	Version 0.5
Haudenschilt Family Connections Cms	Version 0.6
Haudenschilt Family Connections Cms	Version 0.8
Haudenschilt Family Connections Cms	Version 0.9
Haudenschilt Family Connections Cms	Version 1.4
Haudenschilt Family Connections Cms	Version 1.8.1
Haudenschilt Family Connections Cms	Version 1.8.2

Related CWEs

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

References (10)

http://secunia.com/advisories/35039

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/503477/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/34935

Source: cve@mitre.org

Exploit

http://www.vupen.com/english/advisories/2009/1306

Source: cve@mitre.org

Vendor Advisory

https://www.exploit-db.com/exploits/8671

Source: cve@mitre.org

http://secunia.com/advisories/35039

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/archive/1/503477/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/34935

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.vupen.com/english/advisories/2009/1306

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.exploit-db.com/exploits/8671

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.