PT-2009-4479 · Dm · File Manager

The G0Bl!N

Published

2009-06-09

Updated

2017-09-29

CVE-2009-2025

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions DM FileManager version 3.9.2

Description The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting the USER, GROUPID, GROUP, and USERID cookies to certain values.

Recommendations For DM FileManager version 3.9.2, consider restricting access to the admin/login.php endpoint until a patch is available. As a temporary workaround, avoid using the admin/login.php endpoint with customized cookie values for USER, GROUPID, GROUP, and USERID to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2009-2025

Affected Products

File Manager

PT-2009-4479 · Dm · File Manager

CVE-2009-2025

Weakness Enumeration

Related Identifiers

Affected Products

References · 4