Multiple cross-site request forgery (CSRF) vulnerabilities in
Family Connections CMS (aka FCMS) 2.9 and earlier allow remote
attackers to hijack the authentication of arbitrary users for
requests that (1) add news via an add action to familynews.php or
(2) add a prayer via an add action to prayers.php. (CVSS:6.8) (Last
Update:2018-01-31)