Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as .php.txt, that are not listed in Config[DeniedExtensions][File].
References
Link | Resource |
---|---|
http://retrogod.altervista.org/fckeditor_22_xpl.html | Exploit |
http://secunia.com/advisories/18767 | Vendor Advisory |
http://www.securityfocus.com/archive/1/424708 | Exploit |
http://www.vupen.com/english/advisories/2006/0502 | Vendor Advisory |
https://www.exploit-db.com/exploits/3702 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2006-02-13T11:00:00
Updated: 2017-10-10T00:57:01
Reserved: 2006-02-13T00:00:00
Link: CVE-2006-0658
NVD Information
Status: Modified
Published: 2006-02-13T11:06:00.000
Modified: 2017-10-11T01:30:39.017
Link: CVE-2006-0658
Redhat Information
No data.
CWE