Описание
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| fckeditor | fixed | 1:2.6.4.1-1 | package | |
| moin | fixed | 1.8.2-2 | package | |
| moin | unfixed | lenny | package | |
| moin | not-affected | etch | package | |
| request-tracker3.8 | not-affected | package | ||
| egroupware | fixed | 1.6.002+dfsg-1 | package | |
| egroupware | fixed | 1.4.004-2.dfsg-4.2 | lenny | package |
| gforge | fixed | 4.6.99+svn6225-1 | package | |
| gforge | not-affected | etch | package | |
| knowledgeroot | fixed | 0.9.8.5-3 | package | |
| karrigell | removed | package | ||
| karrigell | not-affected | etch | package |
Примечания
http://dev.fckeditor.net/changeset/3815/FCKeditor/trunk/editor/filemanager
moin from 1.8.2-2 uses systemwide copy of fckeditor
moin in lenny provides FCKeditor as example files (/usr/share/doc)
knowledgeroot from 0.9.8.5-3 uses systemwide copy of fckeditor
EPSS
Связанные уязвимости
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
Уязвимость WYSIWYG-редактора Ckeditor, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом. позволяющая нарушителю загрузить произвольные файлы
EPSS