漏洞标题
N/A
漏洞描述信息
CRE Loaded 6.15 通过直接请求文件.php来进行授权操作,包括上传和创建任意文件。注意:供应商表示,“这种风险的早期公告是我们网站完成的...其中包括一个补丁,它将关闭所有已知6.0x和6.1x版本的漏洞。我们强烈鼓励CRE Loaded 6.x、osCMax以及其他osCommerce用户,已安装基于HTMLArea的WYSIWYG编辑器和具有等级的管理员权限的用户,在最短的时间内修改他们的安装。”
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
CRE Loaded 6.15 allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php. NOTE: the vendor states "The initial announcement of this risk was made on our website... and it included a patch which will close the vulnerability on all known 6.0x and 6.1x releases. We strongly encourage users of CRE Loaded 6.x, osCMax, and other users of osCommerce who have installed HTMLArea based WYSIWYG editors and Admin Access with Levels to modify thier installations at the earliest possible moment."
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
CRE Loaded Files.PHP访问验证漏洞
漏洞描述信息
CRE Loaded 6.15访问验证漏洞,远程攻击者可以通过直接请求files.php执行具有特权的操作,包括上传和创建任意文件。注意:供应商声称"在我们的网站上最初已公布了此风险...并且网站上还提供了补丁程序,将用于关闭所有已知6.0x和6.1x发行版上的漏洞。我们强烈建议已安装基于HTMLArea的WYSIWYG编辑器和Admin Access with Levels的CRE Loaded 6.x、osCMax和其他osCommerce用户尽早修改安装"。
CVSS信息
N/A
漏洞类别
授权问题