CVE-2009-2025 Information

Description

admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER (2) GROUPID (3) GROUP and (4) USERID cookies to certain values.

Reference

http://secunia.com/advisories/35167 http://www.vupen.com/english/advisories/2009/1532 https://www.exploit-db.com/exploits/8903