admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values.
References
Link | Resource |
---|---|
http://www.vupen.com/english/advisories/2009/1532 | Vendor Advisory |
http://secunia.com/advisories/35167 | Vendor Advisory |
https://www.exploit-db.com/exploits/8903 |
Configurations
Information
Published : 2009-06-09 12:30
Updated : 2017-09-28 18:34
NVD link : CVE-2009-2025
Mitre link : CVE-2009-2025
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
dutchmonkey
- dm_filemanager