CVE-2011-5130
50Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendepss 37%
from disclosure to weapon0 days
Published on NVDAug 30
1st PoCDec 4
metasploitNov 29
exploitation probability
37%top 2% of all CVEs
observed exploitation
nono source reports it
4 public exploit(s)
dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter.
Affected products
n/a · n/apublic PoCs found — 4
cve_referencewww.exploit-db.com/exploits/18198unverifiedcve_referencewww.exploit-db.com/exploits/18208unverifiedexploitdbwww.exploit-db.com/exploits/18198unverifiedexploitdbwww.exploit-db.com/exploits/18208unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://osvdb.org/77492http://secunia.com/advisories/47069https://exchange.xforce.ibmcloud.com/vulnerabilities/71618http://sourceforge.net/apps/trac/fam-connections/ticket/407https://www.familycms.com/blog/2011/11/security-vulnerability-fcms-2-5-2-7-1/http://www.exploit-db.com/exploits/18198http://www.exploit-db.com/exploits/18208