CVE-2006-0658

Опубликовано: 13 фев. 2006

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.

Комментарий

Per: http://cwe.mitre.org/data/definitions/184.html 'CWE-184: Incomplete Blacklist'

Ссылки

http://retrogod.altervista.org/fckeditor_22_xpl.html
Exploit
http://secunia.com/advisories/18767
Vendor Advisory
http://www.securityfocus.com/archive/1/424708
Exploit
http://www.vupen.com/english/advisories/2006/0502
Vendor Advisory
https://www.exploit-db.com/exploits/3702
http://retrogod.altervista.org/fckeditor_22_xpl.html
Exploit
http://secunia.com/advisories/18767
Vendor Advisory
http://www.securityfocus.com/archive/1/424708
Exploit
http://www.vupen.com/english/advisories/2006/0502
Vendor Advisory
https://www.exploit-db.com/exploits/3702

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:fckeditor:fckeditor:2.0:*:*:*:*:*:*:*

cpe:2.3:a:fckeditor:fckeditor:2.2:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05676

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2006-0658

debian

почти 20 лет назад

Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 a ...

GHSA-mc7h-j7fr-g6h8

github

почти 4 года назад