CVE-2008-2044

Sažetak

includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP script via an add action to projects_site/uploadfile.php.

Reference

http://netofficedwins.sourceforge.net/modules/news/article.php?storyid=47
http://secunia.com/advisories/29193
http://securityreason.com/securityalert/3845
http://sourceforge.net/forum/forum.php?forum_id=814851
http://www.securityfocus.com/archive/1/488958
http://www.securityfocus.com/archive/1/491542/100/0/threaded
http://www.securityfocus.com/bid/28051

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-10-2018 - 20:38

Objavljeno

01-05-2008 - 19:05