VYPR
Unrated severityNVD Advisory· Published Jun 8, 2011· Updated Jun 16, 2026

CVE-2009-5077

CVE-2009-5077

Description

CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator privileges via vectors related to a modified PHP_SELF variable, which is not properly handled by (1) includes/application_top.php and (2) admin/includes/application_top.php.

Affected products

3
  • cpe:2.3:a:creloaded:cre_loaded:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:creloaded:cre_loaded:*:*:*:*:*:*:*:*range: <=6.2
    • cpe:2.3:a:creloaded:cre_loaded:6.15:*:*:*:*:*:*:*
    • (no CPE)range: <6.2.14

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.