CVE-2006-0478

Published: 31/01/2006 Updated: 20/07/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

CRE Loaded 6.15 allows remote malicious users to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php. NOTE: the vendor states "The initial announcement of this risk was made on our website... and it included a patch which will close the vulnerability on all known 6.0x and 6.1x releases. We strongly encourage users of CRE Loaded 6.x, osCMax, and other users of osCommerce who have installed HTMLArea based WYSIWYG editors and Admin Access with Levels to modify their installations at the earliest possible moment."

Vulnerable Product

cre loaded cre loaded 6.15

Exploits

#!/usr/bin/perl
#
# creLoaded <= 615 HTMLAREA automated perl exploit
# hacked up by kaneda <kaneda@blacksecurityorg>
#
# Rather simple exploit, but still an exploit nonetheless Attempts to upload php script and
# utilise that to execute commands, and show off a fake shell
#
# Can specify:
# * User-defined PHP script or one provided ...