
CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/dialog/select_soft_post.php.

• http://bbs.wolvez.org/topic/125
• http://osvdb.org/62622
• http://secunia.com/advisories/38790
• http://www.securityfocus.com/bid/38469
• CWE-287: Improper Authentication