CVE-2012-0699

moderate-risk
Published 2018-01-11

Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.

Do I need to act?

-
0.39% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
2 public exploits available
18230, 18667
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Haudenschilt

References (2)

Exploit http://www.exploit-db.com/exploits/18667
Exploit http://www.exploit-db.com/exploits/18667
43
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 8/34 · Low
Exposure 5/34 · Minimal