Creloaded Cre Loaded vulnerabilities
3 known vulnerabilities affecting creloaded/cre_loaded.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
HIGH3
Vulnerabilities
Page 1 of 1
CVE-2009-5076P2HIGHCVSS 7.5Exploited≤ 6.2v6.3+1 more2011-06-08
CVE-2009-5076 [HIGH] CWE-287 CVE-2009-5076: CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypas
CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypass authentication and gain administrator privileges via a request with (1) login.php or (2) password_forgotten.php appended as the PATH_INFO, which bypasses a check that uses PHP_SELF, which is not properly handled by (a) includes/application_top.php and (
nvd
CVE-2009-1403P3HIGHCVSS 7.5PoCv6.22009-04-24
CVE-2009-1403 [HIGH] CWE-89 CVE-2009-1403: SQL injection vulnerability in product_info.php in CRE Loaded 6.2 allows remote attackers to execute
SQL injection vulnerability in product_info.php in CRE Loaded 6.2 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
nvd
CVE-2009-5077P3HIGHCVSS 7.5≤ 6.2v6.152011-06-08
CVE-2009-5077 [HIGH] CWE-287 CVE-2009-5077: CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator pri
CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator privileges via vectors related to a modified PHP_SELF variable, which is not properly handled by (1) includes/application_top.php and (2) admin/includes/application_top.php.
nvd