CVE-2009-2010

Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) thread parameter to messageboard.php, (2) member parameter to profile.php, (3) pid parameter to gallery/index.php, and the (4) fcms_login_id cookie parameter.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
VendorProductVersion
haudenschiltfamily_connections_cms
𝑥
≤ 1.9
haudenschiltfamily_connections_cms
0.1.1
haudenschiltfamily_connections_cms
0.1.2
haudenschiltfamily_connections_cms
0.5
haudenschiltfamily_connections_cms
0.6
haudenschiltfamily_connections_cms
0.8
haudenschiltfamily_connections_cms
0.9
haudenschiltfamily_connections_cms
1.4
haudenschiltfamily_connections_cms
1.8.1
haudenschiltfamily_connections_cms
1.8.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/35039
http://www.securityfocus.com/archive/1/503477/100/0/threaded
http://www.securityfocus.com/bid/34935
http://www.vupen.com/english/advisories/2009/1306
https://www.exploit-db.com/exploits/8671
http://secunia.com/advisories/35039
http://www.securityfocus.com/archive/1/503477/100/0/threaded
http://www.securityfocus.com/bid/34935
http://www.vupen.com/english/advisories/2009/1306
https://www.exploit-db.com/exploits/8671