CVE-2009-5077

Creloaded Cre Loaded < 6.2 - Authentication Bypass

Title source: rule

Description

CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator privileges via vectors related to a modified PHP_SELF variable, which is not properly handled by (1) includes/application_top.php and (2) admin/includes/application_top.php.

References (1)

[Exploit, URL Repurposed] http://hosting-4-creloaded.com/node/116

Scores

EPSS 0.0022

EPSS Percentile 44.8%

Classification

CWE

CWE-287

Status draft

Affected Products (2)

creloaded/cre_loaded < 6.2

creloaded/cre_loaded

Timeline

Published Jun 08, 2011

Tracked Since Feb 18, 2026