3 matches found
CVE-2009-2025
DM FileManager 3.9.2 is affected by an authentication bypass vulnerability where remote attackers can gain admin access by tampering cookies (USER, GROUPID, GROUP, USERID). The issue is triggered through admin/login.php and leads to partial confidentiality/integrity/availability impacts as per CV...
CVE-2009-2399
DM FileManager
CVE-2009-1741
CVE-2009-1741 relates to DM FileManager 3.9.2, where login.php contains multiple SQL injection vulnerabilities when magic_quotes_gpc is disabled. Remote attackers can cause arbitrary SQL execution via the (1) Username and (2) Password fields. The NVD notes a CVSSv2 base score of 6.8 (MEDIUM). No ...