CVE-2008-2044

NONECVSS 0.0

0.0

includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP script via an add action to projects_site/uploadfile.php.

🔗 References (14)

cve@mitrehttp://netofficedwins.sourceforge.net/modules/news/article.php?storyid=47
cve@mitrehttp://secunia.com/advisories/29193
cve@mitrehttp://securityreason.com/securityalert/3845
cve@mitrehttp://sourceforge.net/forum/forum.php?forum_id=814851
cve@mitrehttp://www.securityfocus.com/archive/1/488958
cve@mitrehttp://www.securityfocus.com/archive/1/491542/100/0/threaded
cve@mitrehttp://www.securityfocus.com/bid/28051
af854a3a-2127-422b-91ae-364da2661108http://netofficedwins.sourceforge.net/modules/news/article.php?storyid=47
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29193
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/3845
af854a3a-2127-422b-91ae-364da2661108http://sourceforge.net/forum/forum.php?forum_id=814851
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/488958
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/491542/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/28051

Is Your Infrastructure Affected by CVE-2008-2044?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-2044

📅 Published

🔄 Last Modified

🔗 References (14)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-2044?