CVE-2012-0699

HIGH

Family Connections CMS <2.9 - CSRF

Title source: llm

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Ahmed Elhady Mohamed · html · webapps · php
https://www.exploit-db.com/exploits/18667
exploitdb WRITEUP VERIFIED
by Ahmed Elhady Mohamed · text · webapps · php
https://www.exploit-db.com/exploits/18230

Scores

CVSS v3 8.8
EPSS 0.0035
EPSS Percentile 57.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
haudenschilt/family_connections_cms < 2.9.0
Published Jan 11, 2018
Tracked Since Feb 18, 2026