Security Advisory

CVE-2007-4338

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2007-08-14 18:00:00

Last updated 2024-08-07 14:53:55

Assigner mitre

State PUBLISHED

Description

index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the accounts name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter.

← Browse all CVEs View on cve.org ↗