Unrated severityNVD Advisory· Published Nov 7, 2006· Updated Apr 23, 2026

CVE-2006-5777

Description

Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to bypass authentication and perform privileged functions via a non-empty finame parameter to (1) addnewcont.php, (2) adminpassw.php, (3) amministrazione.php, (4) artins.php, (5) bgcolor.php, (6) cancartcat.php, (7) canccat.php, (8) cancelart.php, (9) cancontsit.php, (10) chanpassamm.php, (11) dele.php, (12) delecat.php, (13) delecont.php, (14) emailall.php, (15) gestflashtempl.php, (16) gestmagart.php, (17) gestmagaz.php, (18) gestpre.php, (19) input.php, (20) input3.php, (21) insnucat.php, (22) instempflash.php, (23) mailfc.php, (24) modfdati.php, (25) rescont4.php, (26) ricordo1.php, (27) ricordo4.php, (28) tabcatalg.php, (29) tabcont.php, (30) tabcont3.php, (31) tabstile.php, (32) tabstile3.php, (33) testimmg.php, and (34) update.php in admin/. NOTE: some of these details are obtained from third party information.

Affected products

Creasito/Creasito E Commerce Content Manager
cpe:2.3:a:creasito:creasito_e-commerce_content_manager:*:*:*:*:*:*:*:*
Range: <=1.3.08

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/22729nvdVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/30011nvd
www.exploit-db.com/exploits/2709nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.012
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000