RCE in Haudenschilt Family_connections_cms

CVE-2010-3419

Multiple PHP remote file inclusion vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the current_user_id parameter to (1) familynews.php and (2) settings.p…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.009 (76.6th percentile) — read the EPSS interpretation.

Affected products

Haudenschilt Family_connections_cms — versions 2.2.3
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

14965 (Exploit, exploit, x_refsource_EXPLOIT-DB)
cve@mitre.org (Exploit, x_refsource_MISC)
fcms-familynews-file-include(61722) (vdb-entry, x_refsource_XF)