include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/dialog/select_soft_post.php.
Max CVSS: 6.8
EPSS Score: 0.37%
Published: 2010-03-24
Updated: 2010-12-14