CVE-2009-2010

Haudenschilt Family Connections CMS <1.9 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2010. PoCs published by YEnH4ckEr.

AI-analyzed exploit summary This Perl script exploits a blind SQL injection vulnerability in Family Connections CMS <= v1.9 via the 'member' GET parameter in profile.php. It requires valid user credentials and leverages cookie-based authentication to perform the attack.

Description

Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) thread parameter to messageboard.php, (2) member parameter to profile.php, (3) pid parameter to gallery/index.php, and the (4) fcms_login_id cookie parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by YEnH4ckEr · perlwebappsphp

https://www.exploit-db.com/exploits/8671

View Code ZIP pw:eip

This Perl script exploits a blind SQL injection vulnerability in Family Connections CMS <= v1.9 via the 'member' GET parameter in profile.php. It requires valid user credentials and leverages cookie-based authentication to perform the attack.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Family Connections CMS <= v1.9

Auth required

Prerequisites: Valid username and password · User ID from cookies · Magic quotes disabled or bypassable

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35039

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/34935

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/8671

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/503477/100/0/threaded

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1306

Scores

EPSS 0.0090

EPSS Percentile 54.9%

Details

CWE

CWE-89

Status published

Products (10)

haudenschilt/family_connections_cms 0.1.1

haudenschilt/family_connections_cms 0.1.2

haudenschilt/family_connections_cms 0.5

haudenschilt/family_connections_cms 0.6

haudenschilt/family_connections_cms 0.8

haudenschilt/family_connections_cms 0.9

haudenschilt/family_connections_cms 1.4

haudenschilt/family_connections_cms 1.8.1

haudenschilt/family_connections_cms 1.8.2

haudenschilt/family_connections_cms < 1.9

Published Jun 08, 2009

Tracked Since Feb 18, 2026