Unrated severityNVD Advisory· Published May 1, 2008· Updated Apr 23, 2026

CVE-2008-2044

Description

includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP script via an add action to projects_site/uploadfile.php.

Affected products

Netoffice/Dwins
cpe:2.3:a:netoffice:dwins:1.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/archive/1/488958nvdExploit
netofficedwins.sourceforge.net/modules/news/article.phpnvd
secunia.com/advisories/29193nvd
securityreason.com/securityalert/3845nvd
sourceforge.net/forum/forum.phpnvd
www.securityfocus.com/archive/1/491542/100/0/threadednvd
www.securityfocus.com/bid/28051nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.010
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000