Dutchmonkey

dutchmonkey

4 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2009-2399 1Dutchmonkey 1Dm Filemanager Apr 23, 2026 Jul 9, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in dm-albums/template/album.php in DM FileManager 3.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE para...Show more PHP remote file inclusion vulnerability in dm-albums/template/album.php in DM FileManager 3.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.Show less
CVE-2009-2396 1Dutchmonkey 1Dm Album Apr 23, 2026 Jul 9, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 PHP remote file inclusion vulnerability in template/album.php in DM Albums 1.9.2, as used standalone or as a WordPress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE paramete...Show more PHP remote file inclusion vulnerability in template/album.php in DM Albums 1.9.2, as used standalone or as a WordPress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.Show less
CVE-2009-2025 1Dutchmonkey 1Dm Filemanager Apr 23, 2026 Jun 9, 2009 N/A· v4 N/A· v3 7.5 HIGH· v2 admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values.
CVE-2009-1741 1Dutchmonkey 1Dm Filemanager Apr 23, 2026 May 20, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.