Unrated severityNVD Advisory· Published Apr 22, 2010· Updated Apr 29, 2026
CVE-2009-4791
CVE-2009-4791
Description
Multiple SQL injection vulnerabilities in Family Connections (aka FCMS) before 1.8.2 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to addressbook.php, (2) id parameter to recipes.php, (3) year parameter to register.php, (4) poll_id parameter to home.php, and (5) email parameter to lostpw.php.
Affected products
32cpe:2.3:a:ryan_haudenschilt:family_connections:*:*:*:*:*:*:*:*+ 31 more
- cpe:2.3:a:ryan_haudenschilt:family_connections:*:*:*:*:*:*:*:*range: <=1.8.1
- cpe:2.3:a:ryan_haudenschilt:family_connections:0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:0.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:0.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:0.9.9:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:1.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_haudenschilt:family_connections:1.8:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- www.securityfocus.com/bid/34297nvdExploitPatch
- secunia.com/advisories/34503nvdVendor Advisory
- sourceforge.net/project/shownotes.phpnvd
- sourceforge.net/tracker/nvd
- www.exploit-db.com/exploits/8319nvd
- www.familycms.com/blog/2009/03/fcms-182-released/nvd
- www.securityfocus.com/archive/1/502272/100/0/threadednvd
News mentions
0No linked articles in our index yet.