The host is running CRE Loaded and is prone to Security bypass vulnerability.
Successful exploitation will allow attacker to bypass authentication and gain administrator privileges. Impact Level: Application
Upgrade to CRE Loaded version 6.4.0 or later For updates refer to http://www.creloaded.com/
The flaws are due to - An error when handling 'PHP_SELF' variable, by includes/application_top.php and admin/includes/application_top.php. - Request, with 'login.php' or 'password_forgotten.php' appended as the 'PATH_INFO', which bypasses a check that uses 'PHP_SELF', which is not properly handled by includes/application_top.php and admin/includes/application_top.php.
CRE Loaded version before 6.4.0
- AstroSPACES profile.php SQL Injection Vulnerability
- Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
- AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
- aflog Cookie-Based Authentication Bypass Vulnerability
- Atutor AContent Multiple SQL Injection and XSS Vulnerabilities