CVE-2010-1097
N/A
N/A
Summary
include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/dialog/select_soft_post.php.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://osvdb.org/62622
- http://bbs.wolvez.org/topic/125/
- http://www.securityfocus.com/bid/38469
- http://secunia.com/advisories/38790
References
- http://osvdb.org/62622
- http://bbs.wolvez.org/topic/125/
- http://www.securityfocus.com/bid/38469
- http://secunia.com/advisories/38790
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.