CVE-2009-2025

Published: Jun 9, 2009Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values.

Affected (1)

Products: Dutchmonkey: Dm Filemanager

Dutchmonkey

1 product

Dm Filemanager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dutchmonkey Dm Filemanager	Version 3.9.2

Related CWEs

CWE-264

References (6)

http://secunia.com/advisories/35167

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2009/1532

Source: cve@mitre.org

Vendor Advisory

https://www.exploit-db.com/exploits/8903

Source: cve@mitre.org

http://secunia.com/advisories/35167

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2009/1532

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.exploit-db.com/exploits/8903

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.