CVE-2006-2529

Опубликовано: 22 мая 2006

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658.

Ссылки

http://secunia.com/advisories/20122
Patch
Vendor Advisory
http://www.fckeditor.net/whatsnew/default.html
Patch
http://www.osvdb.org/25631
http://www.securityfocus.com/bid/18029
Patch
http://www.vupen.com/english/advisories/2006/1856
http://secunia.com/advisories/20122
Patch
Vendor Advisory
http://www.fckeditor.net/whatsnew/default.html
Patch
http://www.osvdb.org/25631
http://www.securityfocus.com/bid/18029
Patch
http://www.vupen.com/english/advisories/2006/1856

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fckeditor:fckeditor:2.2:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.0073

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2006-2529

debian

больше 19 лет назад

editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, ...

GHSA-h3c2-83qf-r2j9

github

больше 3 лет назад