What is CVE-2011-5130?

CVE-2011-5130 is a vulnerability in Haudenschilt Family_connections_cms, classified under Code Injection. Published 2012-08-30.

Is CVE-2011-5130 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Haudenschilt Family_connections_cms

CVE-2011-5130

dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.745 (98.9th percentile) — read the EPSS interpretation.

Affected products

Haudenschilt Family_connections_cms — versions 2.5.0, 2.5.1, 2.5.2
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

47069 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Exploit)
family-connections-less-command-exec(71618) (vdb-entry, x_refsource_XF)
18198 (Exploit, exploit, x_refsource_EXPLOIT-DB)
18208 (Exploit, exploit, x_refsource_EXPLOIT-DB)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
77492 (x_refsource_OSVDB, vdb-entry)

Frequently asked questions

What is CVE-2011-5130?: CVE-2011-5130 is a vulnerability in Haudenschilt Family_connections_cms, classified under Code Injection. Published 2012-08-30.
Is CVE-2011-5130 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.