漏洞信息详情
CRE Loaded Files.PHP访问验证漏洞
- CNNVD编号:CNNVD-200601-376
- 危害等级: 高危
- CVE编号: CVE-2006-0478
- 漏洞类型: 访问验证错误
- 发布时间: 2006-01-31
- 威胁类型: 远程
- 更新时间: 2007-01-24
- 厂 商: cre_loaded
- 漏洞来源: kaneda is credited...
漏洞简介
CRE Loaded 6.15访问验证漏洞,远程攻击者可以通过直接请求files.php执行具有特权的操作,包括上传和创建任意文件。注意:供应商声称\"在我们的网站上最初已公布了此风险...并且网站上还提供了补丁程序,将用于关闭所有已知6.0x和6.1x发行版上的漏洞。我们强烈建议已安装基于HTMLArea的WYSIWYG编辑器和Admin Access with Levels的CRE Loaded 6.x、osCMax和其他osCommerce用户尽早修改安装\"。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Chain Reaction Edition CRE Loaded 6.1
Chain Reaction Edition CRE Loaded 6.2
http://creloaded.com/Downloads/d_op=getit/lid=172.HTML
Chain Reaction Edition CRE Loaded 6.15
Chain Reaction Edition CRE Loaded 6.2
http://creloaded.com/Downloads/d_op=getit/lid=172.HTML
Chain Reaction Edition CRE Loaded 6.0
Chain Reaction Edition CRE Loaded 6.2
http://creloaded.com/Downloads/d_op=getit/lid=172.HTML
参考网址
来源: BID
名称: 16415
链接:http://www.securityfocus.com/bid/16415
来源: VUPEN
名称: ADV-2006-0373
链接:http://www.frsirt.com/english/advisories/2006/0373
来源: SECUNIA
名称: 18648
链接:http://secunia.com/advisories/18648
来源: XF
名称: creloaded-files-auth-bypass(24377)
链接:http://xforce.iss.net/xforce/xfdb/24377
来源: OSVDB
名称: 22793
链接:http://www.osvdb.org/22793
来源: VIM
名称: 20060203 vendor ack/fix: 22793: CRE Loaded files.php Unauthenticated Arbitrary File Upload (fwd)
链接:http://www.attrition.org/pipermail/vim/2006-February/000527.HTML
受影响实体
- Cre_loaded Cre_loaded:6.15
补丁
暂无
评论