|
|
CVE Reference: CVE-2008-2044 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-2044 |
|
|
Description: includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP script via an add action to projects_site/uploadfile.php. |
|
|
CVE Status: Candidate |
|
|
References: SREASON http://securityreason.com/securityalert/3845 SAID Secunia Advisory: SA29193 MISC http://sourceforge.net/forum/forum.php?forum_id=814851 CONFIRM http://netofficedwins.sourceforge.net/modules/news/article.php?storyid=47 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/491542/100/0/threaded http://www.securityfocus.com/archive/1/488958 BID 28051 |
|
| Return to the previous page. |
