CVE-2024-1817

Summary

A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDM_load.php of the component Cookie Handler. The manipulation of the argument is_admin with the input y leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
DemososoDM Enterprise Website Building System2022.0affected
DemososoDM Enterprise Website Building System2022.1affected
DemososoDM Enterprise Website Building System2022.2affected
DemososoDM Enterprise Website Building System2022.3affected
DemososoDM Enterprise Website Building System2022.4affected
DemososoDM Enterprise Website Building System2022.5affected
DemososoDM Enterprise Website Building System2022.6affected
DemososoDM Enterprise Website Building System2022.7affected
DemososoDM Enterprise Website Building System2022.8affected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References