CVE-2012-0699

Published: Jan 11, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.

Affected (1)

Products: Haudenschilt: Family Connections Cms

1 product

Family Connections Cms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Haudenschilt Family Connections Cms	Up to 2.9.0

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

http://www.exploit-db.com/exploits/18667

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://www.exploit-db.com/exploits/18667

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.