Lucene search

[email protected]CVE-2009-2025

HistoryJun 09, 2009 - 7:30 p.m.

CVE-2009-2025

2009-06-0919:30:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2009-2025

dm filemanager

authentication bypass

remote attack

administrative access

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.5%

JSON

admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values.

Affected configurations

NVD

Node

dutchmonkeydm_filemanagerMatch3.9.2

CPENameOperatorVersion
dutchmonkey:dm_filemanagerdutchmonkey dm filemanagereq3.9.2

CPE	Name	Operator	Version
dutchmonkey:dm_filemanager	dutchmonkey dm filemanager	eq	3.9.2

References

secunia.com/advisories/35167

www.vupen.com/english/advisories/2009/1532

www.exploit-db.com/exploits/8903

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.5%

JSON

Related for CVE-2009-2025

prion1 nvd1 cvelist1 openvas2