CVE-2011-5130 Information

Description

dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1 when register_globals is enabled allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter.

Reference

http://osvdb.org/77492 http://secunia.com/advisories/47069 http://sourceforge.net/apps/trac/fam-connections/ticket/407 http://www.exploit-db.com/exploits/18198 http://www.exploit-db.com/exploits/18208 https://exchange.xforce.ibmcloud.com/vulnerabilities/71618 https://www.familycms.com/blog/2011/11/security-vulnerability-fcms-2-5-2-7-1/