DM FileManager 'login.php' Security Bypass Vulnerability

Summary
The host is running DM FileManager and is prone to a security bypass vulnerability.
Impact
Successful exploitation lets a remote attacker execute arbitrary SQL commands when magic_quotes_gpc is disabled, bypass authentication, and gain administrative access.
Impact Level: Application
Solution
Upgrade to DM FileManager version 3.9.10 or later. For updates, refer to http://dutchmonkey.com
Insight
- An error exists when the application fails to set the 'USER', 'GROUPID', 'GROUP', and 'USERID' cookies to certain values in admin/login.php.
- An error in 'login.php', which fails to sanitise user-supplied input via the 'Username' and 'Password' fields.
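
A hardened login path for the two issues listed above, as an added example that is not DM FileManager's code: the submitted username and password are bound as query parameters, and identity is kept in server-side session state instead of being read from client cookies. The schema, function names, the in-memory SQLite database and the rule that group id 1 means administrator are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example; table, column and function names are hypothetical.

function make_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT UNIQUE,
               pwhash TEXT, groupid INTEGER, grp TEXT)');
    $ins = $db->prepare('INSERT INTO users (username, pwhash, groupid, grp) VALUES (?, ?, ?, ?)');
    // Constructed account and password, for the demo only.
    $ins->execute(['admin', password_hash('constructed-demo-password', PASSWORD_DEFAULT), 1, 'admins']);
    return $db;
}

// Returns the account row on success, null otherwise. Input is bound as a
// parameter, so the query text does not depend on magic_quotes_gpc.
function authenticate(PDO $db, string $username, string $password): ?array {
    $st = $db->prepare('SELECT userid, username, pwhash, groupid, grp FROM users WHERE username = ?');
    $st->execute([$username]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pwhash'])) {
        return null;
    }
    unset($row['pwhash']);
    return $row;
}

// Identity is stored server-side; USER, GROUPID, GROUP and USERID cookies
// sent by the client are never consulted.
function establish_session(array $account): void {
    session_regenerate_id(true);   // new session id after login
    $_SESSION['auth'] = $account;
}

function is_admin(): bool {
    // Assumption: group id 1 is the administrator group.
    return isset($_SESSION['auth']) && (int)$_SESSION['auth']['groupid'] === 1;
}

// Demo (run with the PHP CLI); all values below are constructed.
$db = make_demo_db();
$_COOKIE = ['USER' => 'admin', 'GROUPID' => '1'];   // client-supplied, untrusted
session_start();
$before = is_admin();                                // cookies alone grant nothing
$bad = authenticate($db, 'admin', 'wrong-password');
$acct = authenticate($db, 'admin', 'constructed-demo-password');
if ($acct !== null) { establish_session($acct); }
var_dump($before, $bad, is_admin());
```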
Affected
DutchMonkey DM FileManager version 3.9.2 and prior
References