CVE-2024-1817 | Demososo DM Enterprise Website Building System up to 2022.8 Cookie indexDM_load.php dmlogin is_admin improper authentication

A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDM_load.php of the component Cookie Handler. The manipulation of the argument is_admin with the input y leads to improper authentication.

This vulnerability is known as CVE-2024-1817. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-1817 | Demososo DM Enterprise Website Building System up to 2022.8 Cookie indexDM_load.php dmlogin is_admin improper authentication

Post correlati

CVE-2024-36014 | Linux Kernel up to 6.9 DRM malidp_mw_connector_reset null pointer dereference (a1f95aede628)

CVE-2024-0499 | SourceCodester House Rental Management System 1.0 index.php page cross site scripting

CVE-2024-22099 | Linux Kernel up to 6.7 core.C null pointer dereference

CVE-2023-4222 | Chamilo LMS up to 1.11.24 openoffice_text_document.class.php os command injection