Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2006-0478
Last Modified 07 Mar 2011 09:30:08
Published 31 Jan 2006 06:03:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0478

Summary

CRE Loaded 6.15 allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php. NOTE: the vendor states "The initial announcement of this risk was made on our website... and it included a patch which will close the vulnerability on all known 6.0x and 6.1x releases. We strongly encourage users of CRE Loaded 6.x, osCMax, and other users of osCommerce who have installed HTMLArea based WYSIWYG editors and Admin Access with Levels to modify their installations at the earliest possible moment."

Vulnerable Systems

Application

  • CRE Loaded 6.15


References

BID - 16415

SECUNIA - 18648

XF - creloaded-files-auth-bypass(24377)

VUPEN - ADV-2006-0373

OSVDB - 22793

VIM - 20060203 vendor ack/fix: 22793: CRE Loaded files.php Unauthenticated Arbitrary File Upload (fwd)


Last Updated: 27 May 2016 10:41:40