Lucene search

MitreCVE-2006-0478

HistoryJan 31, 2006 - 11:03 a.m.

CVE-2006-0478

2006-01-3111:03:00

mitre

web.nvd.nist.gov

cve-2006-0478

cre loaded 6.15

remote attackers

privileged actions

arbitrary files

security vulnerability

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

High

EPSS

0.097

Percentile

94.8%

JSON

CRE Loaded 6.15 allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php. NOTE: the vendor states “The initial announcement of this risk was made on our website… and it included a patch which will close the vulnerability on all known 6.0x and 6.1x releases. We strongly encourage users of CRE Loaded 6.x, osCMax, and other users of osCommerce who have installed HTMLArea based WYSIWYG editors and Admin Access with Levels to modify thier installations at the earliest possible moment.”

Affected configurations

Nvd

Node

cre_loadedcre_loadedMatch6.15

VendorProductVersionCPE
cre_loadedcre_loaded6.15cpe:2.3:a:cre_loaded:cre_loaded:6.15:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cre_loaded	cre_loaded	6.15	cpe:2.3:a:cre_loaded:cre_loaded:6.15:::::::*

References

secunia.com/advisories/18648

www.attrition.org/pipermail/vim/2006-February/000527.html

www.osvdb.org/22793

www.securityfocus.com/bid/16415

www.vupen.com/english/advisories/2006/0373

exchange.xforce.ibmcloud.com/vulnerabilities/24377

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

High

EPSS

0.097

Percentile

94.8%

JSON

Related for CVE-2006-0478