exploitDog

CVE-2009-2025

Опубликовано: 09 июн. 2009

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values.

Ссылки

http://secunia.com/advisories/35167
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1532
Vendor Advisory
https://www.exploit-db.com/exploits/8903
http://secunia.com/advisories/35167
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1532
Vendor Advisory
https://www.exploit-db.com/exploits/8903

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dutchmonkey:dm_filemanager:3.9.2:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01661

Низкий

7.5 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-4vgp-rfx5-254x

github

почти 4 года назад

admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values.

EPSS

Процентиль: 82%

0.01661

Низкий

7.5 High

CVSS2

Дефекты

CWE-264