CVE-2008-2044

critical

Description

includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP script via an add action to projects_site/uploadfile.php.

References

http://www.securityfocus.com/bid/28051

http://www.securityfocus.com/archive/1/491542/100/0/threaded

http://sourceforge.net/forum/forum.php?forum_id=814851

http://securityreason.com/securityalert/3845

http://secunia.com/advisories/29193

http://netofficedwins.sourceforge.net/modules/news/article.php?storyid=47

Details

Source: Mitre, NVD

Published: 2008-05-01

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical