Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2006-0478

EPSS 8.69% · P93
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2006-0478

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
CRE Loaded 6.15 allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php. NOTE: the vendor states "The initial announcement of this risk was made on our website... and it included a patch which will close the vulnerability on all known 6.0x and 6.1x releases. We strongly encourage users of CRE Loaded 6.x, osCMax, and other users of osCommerce who have installed HTMLArea based WYSIWYG editors and Admin Access with Levels to modify thier installations at the earliest possible moment."
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
CRE Loaded Files.PHP访问验证漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CRE Loaded 6.15访问验证漏洞,远程攻击者可以通过直接请求files.php执行具有特权的操作,包括上传和创建任意文件。注意:供应商声称"在我们的网站上最初已公布了此风险...并且网站上还提供了补丁程序,将用于关闭所有已知6.0x和6.1x发行版上的漏洞。我们强烈建议已安装基于HTMLArea的WYSIWYG编辑器和Admin Access with Levels的CRE Loaded 6.x、osCMax和其他osCommerce用户尽早修改安装"。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2006-0478

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2006-0478

登录查看更多情报信息。

Same Patch Batch · n/a · 2006-01-31 · 18 CVEs total

CVE-2006-0473My Little Homepage产品 BBCode 跨站脚本攻击漏洞
CVE-2006-0467Pioneers 未明漏洞
CVE-2006-0043NFS-SERVER远程缓冲区溢出漏洞
CVE-2006-0480sPaiz-Nuke Modules.PHP跨站脚本攻击漏洞
CVE-2006-0479PmWiki多个输入验证漏洞
CVE-2006-0477GIT 缓冲区溢出漏洞
CVE-2006-0476Nullsoft Winamp畸形播放列表文件处理远程缓冲区溢出漏洞
CVE-2006-0475PHP-Ping 拒绝服务漏洞
CVE-2006-0474Shareaza 多个整数溢出漏洞
CVE-2006-0483Cisco VPN 3000集中器态异常的HTTP/TCP数据包拒绝服务漏洞
CVE-2006-0472My Little Homepage产品BBCode链接标记脚本注入漏洞
CVE-2006-0471My Little Homepage 跨站脚本攻击漏洞
CVE-2006-0470MyBB 跨站脚本攻击漏洞
CVE-2005-4676Andreas Huggel Exiv2损坏EXIF数据拒绝服务漏洞
CVE-2006-0481Libpng Graphics Library PNG_Set_Strip_Alpha缓冲区溢出漏洞
CVE-2006-0482Linux Kernel Get_Compat_Timespec和PTrace本地拒绝服务漏洞
CVE-2006-0484Elido Face Control 目录遍历漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2006-0478

No comments yet

Leave a comment