Summary
The host is running DM FileManager and is prone to a security bypass vulnerability.
Impact
Successful exploitation will let a remote attacker execute arbitrary SQL commands (when magic_quotes_gpc is disabled) and bypass authentication to gain administrative access.
Impact Level: Application
Solution
Upgrade to DM FileManager version 3.9.10 or later. For updates refer to http://dutchmonkey.com
Insight
- An error exists because admin/login.php fails to validate the 'USER', 'GROUPID', 'GROUP', and 'USERID' cookies, which can be set to certain values to bypass authentication.
- An error exists in 'login.php', which fails to sanitise user-supplied input passed via the 'Username' and 'Password' fields.
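The two weaknesses above share one remedy: bind SQL parameters instead of relying on magic_quotes_gpc, and keep identity and group membership in a server-side session rather than in client-supplied cookies. The following login handler is an added illustration, not DM FileManager's own code; the database DSN, the users table and its columns, and the admin group id are assumptions.

```php
<?php
// Added illustration (not DM FileManager's code). Table, columns, DSN and the
// admin group id (1) are assumptions made for this example.
session_start();

function dbh(): PDO {
    $pdo = new PDO('sqlite:' . __DIR__ . '/users.db');   // assumed DSN
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // real server-side prepares
    return $pdo;
}

// 1. SQL injection: bind the 'Username' value instead of interpolating it, so the
//    query is safe whether or not magic_quotes_gpc is enabled.
function authenticate(PDO $pdo, string $username, string $password): ?array {
    $stmt = $pdo->prepare(
        'SELECT id, username, group_id, pass_hash FROM users WHERE username = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pass_hash'])) {
        return null;   // unknown user or wrong password; no distinguishing message
    }
    return $row;
}

// 2. Authentication bypass: never derive identity or group from cookies such as
//    USER/GROUPID/GROUP/USERID; read them only from the server-side session.
function isAdmin(): bool {
    return !empty($_SESSION['auth']) && (int)$_SESSION['group_id'] === 1;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $user = authenticate(dbh(), $_POST['Username'] ?? '', $_POST['Password'] ?? '');
    if ($user === null) {
        http_response_code(401);
        exit('Login failed');
    }
    session_regenerate_id(true);            // fresh session id after privilege change
    $_SESSION['auth']     = true;
    $_SESSION['user_id']  = (int)$user['id'];
    $_SESSION['group_id'] = (int)$user['group_id'];
    header('Location: index.php');
    exit;
}
```

Protected admin pages then call isAdmin() after session_start() and ignore any USER/GROUPID/GROUP/USERID cookies entirely.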
Affected
DutchMonkey DM FileManager version 3.9.2 and prior
References
Updated on 2017-03-28
Severity
CVSS Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Classification
CVE: CVE-2009-1741, CVE-2009-2025