CVE-2006-0658

Sažetak

Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.

Reference

http://retrogod.altervista.org/fckeditor_22_xpl.html
http://secunia.com/advisories/18767
http://www.securityfocus.com/archive/1/424708
http://www.vupen.com/english/advisories/2006/0502
https://www.exploit-db.com/exploits/3702

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-10-2017 - 01:30

Objavljeno

13-02-2006 - 11:06