Unrated severityNVD Advisory· Published Jan 31, 2006· Updated Apr 16, 2026

CVE-2006-0478

Description

CRE Loaded 6.15 allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php. NOTE: the vendor states "The initial announcement of this risk was made on our website... and it included a patch which will close the vulnerability on all known 6.0x and 6.1x releases. We strongly encourage users of CRE Loaded 6.x, osCMax, and other users of osCommerce who have installed HTMLArea based WYSIWYG editors and Admin Access with Levels to modify thier installations at the earliest possible moment."

Affected products

Cre Loaded/Cre Loaded
cpe:2.3:a:cre_loaded:cre_loaded:6.15:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/18648nvdPatchVendor Advisory
www.securityfocus.com/bid/16415nvdPatch
www.attrition.org/pipermail/vim/2006-February/000527.htmlnvd
www.osvdb.org/22793nvd
www.vupen.com/english/advisories/2006/0373nvd
exchange.xforce.ibmcloud.com/vulnerabilities/24377nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000