Description
dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter.
Remediation
References
Related Vulnerabilities
OpenSSL Possible denial of service attack Vulnerability (CVE-2020-1971)
Undertow Missing Authorization Vulnerability (CVE-2019-10184)
WordPress Plugin Fancy Product Designer-WooCommerce SQL Injection (4.7.4)
WordPress Plugin WPCS-WordPress Currency Switcher Cross-Site Request Forgery (1.1.6)
MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-30156)