Dutchmonkey: >> Dm Filemanager >> 3.9.2 Security Vulnerabilities
admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values.
CVSS Score
7.5
EPSS Score
0.018
Published
2009-06-09
Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
CVSS Score
6.8
EPSS Score
0.009
Published
2009-05-20