First published: Wed Mar 24 2010(Updated: )
include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/dialog/select_soft_post.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dedecms Dedecms | =5.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.