Vulnerabilities > Dutchmonkey

DATE CVE VULNERABILITY TITLE RISK
2009-07-09 CVE-2009-2399 Code Injection vulnerability in Dutchmonkey DM Filemanager 3.9.4
PHP remote file inclusion vulnerability in dm-albums/template/album.php in DM FileManager 3.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.
6.8
2009-07-09 CVE-2009-2396 Code Injection vulnerability in Dutchmonkey DM Album 1.9.2
PHP remote file inclusion vulnerability in template/album.php in DM Albums 1.9.2, as used standalone or as a WordPress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.
network
wordpress dutchmonkey CWE-94
critical
9.3
2009-06-09 CVE-2009-2025 Permissions, Privileges, and Access Controls vulnerability in Dutchmonkey DM Filemanager 3.9.2
admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values.
network
low complexity
dutchmonkey CWE-264
7.5
2009-05-20 CVE-2009-1741 SQL Injection vulnerability in Dutchmonkey DM Filemanager 3.9.2
Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
6.8