cpe:/a:haudenschilt:family_connections_cms:1.4 CVE-2008-2901 2008-06-30T14:24:00.000-04:00 2017-09-28T21:31:23.757-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-06-30T14:38:00.000-04:00 ALLOWS_OTHER_ACCESS BID 29722 SECUNIA 30680 EXPLOIT-DB 5811 XF familyconnections-multiple-sql-injection(43097) Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.4 allow remote authenticated users to execute arbitrary SQL commands via the (1) address parameter to addressbook.php, the (2) getnews parameter to familynews.php, and the (3) poll_id parameter to home.php in a results action.