CVE-2010-3419 Information

Description

Multiple PHP remote file inclusion vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the current_user_id parameter to (1) familynews.php and (2) settings.php.

Reference

http://packetstormsecurity.org/1009-exploits/fcms-rfi.txt http://www.exploit-db.com/exploits/14965 https://exchange.xforce.ibmcloud.com/vulnerabilities/61722