Vulnerability Details CVE-2009-5077
CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator privileges via vectors related to a modified PHP_SELF variable, which is not properly handled by (1) includes/application_top.php and (2) admin/includes/application_top.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.8%
CVSS Severity
CVSS v2 Score 7.5
Products affected by CVE-2009-5077
-
cpe:2.3:a:creloaded:cre_loaded:*
-
cpe:2.3:a:creloaded:cre_loaded:6.15