CVE Vulnerabilities

CVE-2006-0658

Published: Feb 13, 2006 | Modified: Oct 11, 2017
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 5 MEDIUM (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.

Affected Software

Name | Vendor | Start Version | End Version
Fckeditor | Fckeditor | 2.0 (including) | 2.0 (including)
Fckeditor | Fckeditor | 2.2 (including) | 2.2 (including)
