CVE-2007-4338

N/A Unknown
Published: August 14, 2007 Modified: April 23, 2026
View on NVD

Description

index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://osvdb.org/39534
Source: cve@mitre.org
http://secunia.com/advisories/26421
Source: cve@mitre.org
Vendor Advisory
http://securityreason.com/securityalert/3009
Source: cve@mitre.org
http://sourceforge.net/tracker/index.php?func=detail&aid=1778696&group_id=189733&atid=930513
Source: cve@mitre.org
http://www.attrition.org/pipermail/vim/2007-August/001762.html
Source: cve@mitre.org
http://www.attrition.org/pipermail/vim/2007-August/001768.html
Source: cve@mitre.org
http://www.securityfocus.com/archive/1/476142/100/0/threaded
Source: cve@mitre.org
http://www.securityfocus.com/archive/1/476293/100/0/threaded
Source: cve@mitre.org
http://www.securityfocus.com/bid/25276
Source: cve@mitre.org
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/35966
Source: cve@mitre.org
http://osvdb.org/39534
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/26421
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://securityreason.com/securityalert/3009
Source: af854a3a-2127-422b-91ae-364da2661108
http://sourceforge.net/tracker/index.php?func=detail&aid=1778696&group_id=189733&atid=930513
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.attrition.org/pipermail/vim/2007-August/001762.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.attrition.org/pipermail/vim/2007-August/001768.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/476142/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/476293/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/25276
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/35966
Source: af854a3a-2127-422b-91ae-364da2661108

20 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
32.8%
97th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-264

Affected Vendors

haudenschilt

Related CVEs

CVE-2026-8733 6.3
CVE-2026-8731 4.3
CVE-2026-8730 4.3
CVE-2026-8729 4.3
CVE-2026-8728 4.3