
CVSS: 7.5 | EPSS: 1% | CPEs: 1 | EXPL: 1

admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values.

• https://www.exploit-db.com/exploits/8903
• http://secunia.com/advisories/35167
• http://www.vupen.com/english/advisories/2009/1532
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 2

Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.

• https://www.exploit-db.com/exploits/8741
• http://osvdb.org/54597
• http://secunia.com/advisories/35167
• http://www.securityfocus.com/bid/35035
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')