CVE-2009-2025

{"id": "CVE-2009-2025", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-06-09T19:30:00.500", "references": [{"url": "http://secunia.com/advisories/35167", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/1532", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/8903", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values."}, {"lang": "es", "value": "admin/login.php en DM FileManager v3.9.2, permite a atacantes remotos evitar la autenticaci\u00f3n y obtener acceso como administradores estableciendo con valores determinados las cookies (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID."}], "lastModified": "2017-09-29T01:34:42.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dutchmonkey:dm_filemanager:3.9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC55C936-2850-4E42-BE95-81E3743FCD45"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}