PT-2006-1544 · Cre Loaded · Cre Loaded
Security Curmudgeonjericho
·
Published
2006-01-31
·
Updated
2017-07-20
·
CVE-2006-0478
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
CRE Loaded versions 6.0x through 6.1x
Description
The issue allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to "files.php". The vendor encourages users to modify their installations as soon as possible.
Recommendations
For CRE Loaded versions 6.0x through 6.1x, apply the patch provided by the vendor to close the vulnerability. As a temporary workaround, consider restricting access to the "files.php" file until the patch is applied.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cre Loaded