3 matches found
Authentication flaw
include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/dialog/select_soft_post.php...
DEDECMS v5.5 Final select_soft_post.php vulnerability - Vulnerability warning - the black bar safety net
Author: st0p. Only today did I see, from the Wolves Security Team, the article "A vulnerability in DEDECMS v5.5 GBK Final" released by the expert toby57; the original address: http://bbs.wolvez.org/topic/125/ I tested it locally myself, and the threat of overwriting the SESSION is real, because the reque...
Woven Dream (DedeCMS) select_soft_post.php page uninitialized variable vulnerability - Vulnerability warning - the black bar safety net
Affected version: Dedecms 5.5. Vulnerability description: The file in which the vulnerability arises is include\dialog\select_soft_post.php, where the variable $cfg_basedir is not initialized properly. This can lead to bypassing the authentication and system variable initialization files, so that any file can be uploaded to the specified directory. I...