CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator privileges via vectors related to a modified PHP_SELF variable, which is not properly handled by (1) includes/application_top.php and (2) admin/includes/application_top.php.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
http://hosting-4-creloaded.com/node/116 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2011-06-08T15:00:00Z
Updated: 2024-09-16T19:56:54.573Z
Reserved: 2011-06-08T00:00:00Z
Link: CVE-2009-5077
Vulnrichment
No data.
NVD
Status : Modified
Published: 2011-06-08T15:55:01.233
Modified: 2024-11-21T01:11:07.857
Link: CVE-2009-5077
Redhat
No data.