A flaw was found in Family Connections 2.x. The vulnerability allows an attacker to compromise a user's system. The flaw is due to improper sanitization of input data passed via the "argv[1]" parameter to dev/less.php before it is used in a "system()" call. The hole can be exploited to execute arbitrary shell commands.
The flaw was found in version 2.7.1. Other versions may also be vulnerable.
Family Connections users should remove the dev/ folder.
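
The unsafe pattern the advisory describes and a hardened form of it, as an added example; this is not the project's code. The contents of dev/less.php are not shown in the advisory, so the `lessc` command, the `build_command()` helper and the file layout are assumptions.

```php
<?php
// Hypothetical stand-in for a developer helper such as dev/less.php.
// The `lessc` command and the directory layout are assumptions.

// Unsafe pattern described in the advisory (shown as a comment, never executed):
//   system('lessc ' . $argv[1]);

/**
 * Build the command line for one .less file inside $baseDir.
 * Returns null when the argument is rejected.
 */
function build_command(string $baseDir, string $arg): ?string
{
    // Accept only a plain file name ending in .less: no path separators,
    // no leading dash (option injection), no shell metacharacters.
    if (!preg_match('/\A[A-Za-z0-9_][A-Za-z0-9_.-]*\.less\z/', $arg)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $arg);
    // realpath() returns false for missing files; the prefix check
    // confirms the resolved path is still inside $baseDir.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    // escapeshellarg() quotes the value so the shell sees one literal argument.
    return 'lessc ' . escapeshellarg($path);
}

// A developer tool should refuse to run when reached through the web server.
if (PHP_SAPI !== 'cli') {
    http_response_code(403);
    exit;
}

$cmd = build_command(__DIR__, $argv[1] ?? '');
if ($cmd === null) {
    fwrite(STDERR, "usage: php less.php <file.less>\n");
    exit(1);
}
system($cmd, $status);
exit($status);
```

Removing the dev/ folder, as advised above, remains the fix for deployed sites; the checks here apply to helper scripts that have to stay on a development machine.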
Source: Secunia
06.12.2011