CVE-2012-0699

HIGH

Family Connections CMS < 2.9.0 - Cross-Site Request Forgery via News or Prayer Add Action

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-0699. PoCs published by Ahmed Elhady Mohamed.

AI-analyzed exploit summary: The exploit demonstrates CSRF and reflected XSS vulnerabilities in Family CMS 2.9. It includes PoC HTML forms for CSRF attacks and a URL for XSS execution.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Ahmed Elhady Mohamed · html · webapps · php
https://www.exploit-db.com/exploits/18667

The exploit demonstrates CSRF and reflected XSS vulnerabilities in Family CMS 2.9. It includes PoC HTML forms for CSRF attacks and a URL for XSS execution.

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Family CMS 2.9 and earlier
No auth needed
Prerequisites: Target must have Family CMS 2.9 or earlier installed · Optional sections must be installed during setup
devstral-2 · analyzed Feb 16, 2026

exploitdb · WRITEUP · VERIFIED
by Ahmed Elhady Mohamed · text · webapps · php
https://www.exploit-db.com/exploits/18230

This is a writeup detailing multiple stored and reflected XSS vulnerabilities in FCMS 2.7.2. It describes injection points in various pages but does not include executable exploit code.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: FCMS 2.7.2 and earlier
Auth required
Prerequisites: Access to vulnerable FCMS installation · User authentication for stored XSS
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18667

Scores

CVSS v3: 8.8
EPSS: 0.0364
EPSS Percentile: 88.0%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-352
Status: published
Products (1): haudenschilt/family_connections_cms < 2.9.0
Published: Jan 11, 2018
Tracked Since: Feb 18, 2026