• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

CRE Loaded Files.PHP Access Validation Vulnerability

CRE Loaded is prone to an access-validation vulnerability. This issue is due to a failure in the application to limit access to administrative sections of the application.

An attacker can exploit this vulnerability to overwrite, delete, and create files and directories in the context of the webserver process. This may result in a loss of confidentiality. The attacker may use this information in further attacks.

This issue is reported to affect CRE Loaded version 6.15; other versions may also be vulnerable.