CVE-2009-5076
Last modified
CVE-2009-5076 is a vulnerability of currently unknown severity. CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypass authentication and gain administrator privileges via a request with (1) login.php or (2) password_forgotten.php appended as the PATH_INFO, which bypasses a check that uses PHP_SELF, which is not properly handled by (a) includes/application_top.php and (b) admin/includes/application_top.php, as exploited in the wild in 2009. EPSS estimates a 1.41% chance of exploitation in the next 30 days.
Description
CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypass authentication and gain administrator privileges via a request with (1) login.php or (2) password_forgotten.php appended as the PATH_INFO, which bypasses a check that uses PHP_SELF, which is not properly handled by (a) includes/application_top.php and (b) admin/includes/application_top.php, as exploited in the wild in 2009.
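As an added example (not code from NVD, the vendor or CRE Loaded), the following Python script flags web access-log requests in which one of the two script names from the description appears as PATH_INFO after another .php script. The log lines, the `example_page.php` name and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Script names the CVE description says were appended as PATH_INFO.
TRAILERS = ("login.php", "password_forgotten.php")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def path_info_trailer(target):
    """Return (script, trailer) if a .php script is followed by PATH_INFO
    whose last segment is one of TRAILERS; otherwise return None."""
    path = unquote(urlsplit(target).path)      # drop query, decode %xx
    segments = [s for s in path.split("/") if s]
    if len(segments) < 2 or segments[-1].lower() not in TRAILERS:
        return None
    # An earlier segment ending in .php is the script that really runs;
    # everything after it is PATH_INFO and also shows up in PHP_SELF.
    for i, seg in enumerate(segments[:-1]):
        if seg.lower().endswith(".php"):
            return "/" + "/".join(segments[:i + 1]), segments[-1].lower()
    return None

def scan(lines):
    """Return (client_ip, executed_script, trailer) for each suspicious line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        hit = path_info_trailer(m.group(1)) if m else None
        if hit:
            hits.append((line.split()[0],) + hit)
    return hits

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /admin/login.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2010:10:00:05 +0000] "GET /admin/example_page.php/login.php HTTP/1.1" 200 9000',
    '198.51.100.7 - - [01/Jan/2010:10:00:09 +0000] "POST /admin/example_page.php/Login.php?action=save HTTP/1.1" 302 0',
    '203.0.113.5 - - [01/Jan/2010:10:01:00 +0000] "GET /example_page.php/password_forgotten.php HTTP/1.0" 200 700',
    '192.0.2.10 - - [01/Jan/2010:10:02:00 +0000] "GET /password_forgotten.php HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for ip, script, trailer in scan(SAMPLE_LOG):
        print(f"{ip}: {script} requested with /{trailer} as PATH_INFO")
```

Direct requests for login.php or password_forgotten.php are not flagged; only requests where another .php script precedes them in the path are.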
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Creloaded | Cre Loaded | <= 6.2 |
| Creloaded | Cre Loaded | 6.3 |
| Creloaded | Cre Loaded | 6.15 |
References
- http://hosting-4-creloaded.com/node/116 (Exploit, URL Repurposed)
- https://www.creloaded.com/fdm_file_detail.php?file_id=191 (Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
