CVE-2009-2025

Name of the Vulnerable Software and Affected Versions DM FileManager version 3.9.2

Description The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting the USER, GROUPID, GROUP, and USERID cookies to certain values.

Recommendations For DM FileManager version 3.9.2, consider restricting access to the admin/login.php endpoint until a patch is available. As a temporary workaround, avoid using the admin/login.php endpoint with customized cookie values for USER, GROUPID, GROUP, and USERID to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.