2019-07-06 22:54:37
mitre
PUBLISHED
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookies username field allows eval injection, and an empty password bypasses authentication.