CVE-2008-2901 Information

Description

Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.4 allow remote authenticated users to execute arbitrary SQL commands via the (1) address parameter to addressbook.php the (2) getnews parameter to familynews.php and the (3) poll_id parameter to home.php in a results action.

Reference

http://secunia.com/advisories/30680 http://www.securityfocus.com/bid/29722 https://exchange.xforce.ibmcloud.com/vulnerabilities/43097 https://www.exploit-db.com/exploits/5811