|
 |
|
CVE Reference: CVE-2008-2044
|
|
|
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.
|
|
Original Page at CVE MITRE:
CVE-2008-2044
|
|
Description:
includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP script via an add action to projects_site/uploadfile.php.
|
|
CVE Status:
Candidate
|
|
References:
MISC
http://sourceforge.net/forum/forum.php?forum_id=814851
BUGTRAQ
http://www.securityfocus.com/archive/1/488958
BID
28051
|
|
|
Return to the previous page.
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
