include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/dialog/select_soft_post.php.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2010-03-24T17:00:00Z
Updated: 2024-09-17T01:41:27.394Z
Reserved: 2010-03-24T00:00:00Z
Link: CVE-2010-1097
NVD
Status: Analyzed
Published: 2010-03-24T22:44:14.637
Modified: 2010-12-14T05:00:00.000
Link: CVE-2010-1097