CVE-2009-5077 Information

Description

CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator privileges via vectors related to a modified PHP_SELF variable which is not properly handled by (1) includes/application_top.php and (2) admin/includes/application_top.php.

Reference

http://hosting-4-creloaded.com/node/116