Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2006-0658
Last Modified: 12 Oct 2011 12:00:00
Published: 13 Feb 2006 06:06:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-0658

Summary

Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.

Vulnerable Systems

Application

  • FCKeditor 2.0

  • FCKeditor 2.2

References

VUPEN - ADV-2006-0502

BUGTRAQ - 20060209 runCMS <= 1.3a2 possible remote code execution through the integrated FCKEditor package

MILW0RM - 3702

SECUNIA - 18767

MISC - http://retrogod.altervista.org/fckeditor_22_xpl.html


Last Updated: 27 May 2016 10:41:45