CVE-2009-5077

CRE Loaded < 6.2.14 - Unauthenticated Authentication Bypass via PHP_SELF Manipulation

Title source: llm

Description

CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator privileges via vectors related to a modified PHP_SELF variable, which is not properly handled by (1) includes/application_top.php and (2) admin/includes/application_top.php.

References (1)

Core References
Exploit, URL Repurposed x_refsource_misc
http://hosting-4-creloaded.com/node/116

Scores

EPSS 0.0149
EPSS Percentile 70.8%

Details

CWE CWE-287
Status published
Products (2)
creloaded/cre_loaded 6.15
creloaded/cre_loaded < 6.2
Published Jun 08, 2011
Tracked Since Feb 18, 2026