Release Date: Jan 07, 2012 |
Severity: high |
Impact: System Compromise: Remote attackers can gain control of vulnerable systems |
Description: This indicates an attack attempt against a Remote Command Execution vulnerability on some configurations of PHP in Family Connections. A vulnerability has been reported in Family Connections that may allow an attacker to execute shell commands on a vulnerable system. It is caused by the "dev/less.php" script failing to properly sanitize user input. An attacker may include shell commands by supplying an injection string through the HTTP URL. |
Affected Products: Family Connections CMS v2.5.0 to v2.7.1 |
Recommended Actions: Upgrade to the latest version, available from the website: https://www.familycms.com/blog/2011/12/fcms-2-7-2/ |
Coverage: IPS, VCM |
References:
https://www.familycms.com/blog/2011/11/security-vulnerability-fcms-2-5-2-7-1/
http://sourceforge.net/apps/trac/fam-connections/ticket/407
http://rwx.biz.nf/advisories/fc_cms_rce_adv.html
http://www.exploit-db.com/exploits/18198/ |