CVE-2010-1097

Name of the Vulnerable Software and Affected Versions DeDeCMS version 5.5 GBK

Description The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting the SESSION[dede admin id] parameter to 1 when session.auto start is enabled. An example of exploitation is a request to "uploads/include/dialog/select soft post.php".

Recommendations For DeDeCMS version 5.5 GBK, consider disabling the session.auto start feature to prevent exploitation. Additionally, restrict access to the "uploads/include/dialog/select soft post.php" endpoint to minimize the risk of unauthorized administrative access. Avoid using the SESSION[dede admin id] parameter in sensitive operations until the issue is resolved.