Vulnerabilities > Haudenschilt > Family Connections CMS > 2.2.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-11 | CVE-2012-0699 | Cross-Site Request Forgery (CSRF) vulnerability in Haudenschilt Family Connections CMS Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php. | 6.8 |
2010-09-16 | CVE-2010-3419 | Code Injection vulnerability in Haudenschilt Family Connections CMS 2.2.3 Multiple PHP remote file inclusion vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the current_user_id parameter to (1) familynews.php and (2) settings.php. | 7.5 |