PT-2011-1331 · Cre Loaded · Cre Loaded

Published: 2011-06-08 · Updated: 2024-02-14 · CVE-2009-5077

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

CRE Loaded versions prior to 6.2.14

Description

The issue allows remote attackers to bypass authentication and gain administrator privileges. This is related to a modified PHP_SELF variable, which is not properly handled by includes in the application.

Recommendations

For versions prior to 6.2.14, update to version 6.2.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the includes/application_top.php and admin/includes/application_top.php files until a patch is available. Avoid using modified PHP_SELF variables in the affected includes until the issue is resolved.

Exploit

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2009-5077

Affected Products

Cre Loaded