CVE-2009-2010
Haudenschilt Family Connections CMS <1.9 - SQL Injection
Title source: llmDescription
Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) thread parameter to messageboard.php, (2) member parameter to profile.php, (3) pid parameter to gallery/index.php, and the (4) fcms_login_id cookie parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by YEnH4ckEr · perlwebappsphp
https://www.exploit-db.com/exploits/8671
References (5)
Scores
EPSS
0.0030
EPSS Percentile
53.6%
Details
CWE
CWE-89
Status
published
Products (10)
haudenschilt/family_connections_cms
0.1.1
haudenschilt/family_connections_cms
0.1.2
haudenschilt/family_connections_cms
0.5
haudenschilt/family_connections_cms
0.6
haudenschilt/family_connections_cms
0.8
haudenschilt/family_connections_cms
0.9
haudenschilt/family_connections_cms
1.4
haudenschilt/family_connections_cms
1.8.1
haudenschilt/family_connections_cms
1.8.2
haudenschilt/family_connections_cms
< 1.9
Published
Jun 08, 2009
Tracked Since
Feb 18, 2026