Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypass authentication and gain administrator privileges via a request with (1) login.php or (2) password_forgotten.php appended as the PATH_INFO, which bypasses a check that uses PHP_SELF, which is not properly handled by (a) includes/application_top.php and (b) admin/includes/application_top.php, as exploited in the wild in 2009.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CRE Loaded授权问题漏洞
Vulnerability Description
CRE Loaded是一个可扩展的电子商务购物平台,主要用于愿意在网络上从事服务的店主开发相关电子商务网站。 CRE Loaded 6.2.14之前版本及6.3.x之前的其他版本中存在授权问题漏洞。远程攻击者可以通过把(1)login.php或(2)password_forgotten.php作为附加参数PATH_INFO的请求,绕过认证并获得管理员权限,该请求可以绕过使用PHP_SELF的检查,而这个检查不能被(a)includes/application_top.php和(b)admin/includ
CVSS Information
N/A
Vulnerability Type
N/A