PT-2008-3561 · Netoffice · Netoffice Dwins

Published

2008-05-01

Updated

2018-10-11

CVE-2008-2044

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions netOffice Dwins version 1.3 p2

Description The issue allows remote attackers to bypass authentication and execute arbitrary code. This is possible because the demoSession variable is compared to the 'true' string literal instead of the true boolean literal. Attackers can exploit this by setting the demoSession variable to 1, for example, by uploading a PHP script via an action to "projects site/uploadfile.php".

Recommendations For netOffice Dwins version 1.3 p2, consider modifying the comparison of the demoSession variable to use the true boolean literal instead of the 'true' string literal to prevent authentication bypass. As a temporary workaround, restrict access to the "projects site/uploadfile.php" endpoint to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2008-2044

Affected Products

Netoffice Dwins

PT-2008-3561 · Netoffice · Netoffice Dwins

CVE-2008-2044

Weakness Enumeration

Related Identifiers

Affected Products

References · 9