Multiple PHP remote file inclusion vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the current_user_id parameter to (1) familynews.php and (2) settings.php.

References

• https://nvd.nist.gov/vuln/detail/CVE-2010-3419
• https://exchange.xforce.ibmcloud.com/vulnerabilities/61722
• http://packetstormsecurity.org/1009-exploits/fcms-rfi.txt
• http://www.exploit-db.com/exploits/14965