VYPR

Family Connections

by Haudenschilt

CVEs (2)

  • CVE-2007-4338Aug 14, 2007
    risk 0.04cvss epss 0.09

    index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the…

  • CVE-2009-4791Apr 22, 2010
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Family Connections (aka FCMS) before 1.8.2 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to addressbook.php, (2) id parameter to recipes.php, (3) year parameter to register.php, (4) poll_id…