Family Connections 'argv[1]' Parameter Remote Arbitrary Command Execution Vulnerability

Bugtraq ID:	50897
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 05 2011 12:00AM
Updated:	Dec 07 2011 07:17PM
Credit:	mr_me
Vulnerable:	Haudenschilt Family Connections Cms 2.7.1
Not Vulnerable:

Family Connections 'argv[1]' Parameter Remote Arbitrary Command Execution Vulnerability

Family Connections is prone to a remote arbitrary command-execution vulnerability because it fails to properly validate user-supplied input.

An attacker can exploit this issue to execute arbitrary commands within the context of the vulnerable application.

Family Connections 'argv[1]' Parameter Remote Arbitrary Command Execution Vulnerability

The following exploit code is available:

• /data/vulnerabilities/exploits/50897.php
• /data/vulnerabilities/exploits/50897.rb

Family Connections 'argv[1]' Parameter Remote Arbitrary Command Execution Vulnerability

Solution:
Vendor updates are available. Please see the references for more information.

Family Connections 'argv[1]' Parameter Remote Arbitrary Command Execution Vulnerability

References:

• Family Connections Homepage (Haudenschilt)
  
• Security Vulnerability in dev/less.php (Haudenschilt)