Remote Code Execution Vulnerability in FCKeditor by FCKeditor
CVE-2006-0658
Currently unrated
Summary
An incomplete blacklist vulnerability exists in the connector.php file of FCKeditor versions 2.0 and 2.2. This flaw allows remote attackers to upload and execute arbitrary script files by utilizing specific file extensions that are not adequately filtered by the application's configuration. Attackers can manipulate the upload process, leveraging file extensions such as .php.txt to bypass security controls, potentially leading to unauthorized execution of code on the server.
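The difference between a deny-list check of the kind the summary describes and an allow-list check, as an added example that is not FCKeditor's connector.php or any code from the project. The function names, extension lists and sample file names are assumptions made for illustration.

```php
<?php
// Added illustration: hypothetical upload-name checks, not FCKeditor's code.

// Deny-list style: only the final extension is compared against a list of
// known script extensions (the list itself is an assumption).
function denylist_allows(string $name): bool
{
    $denied = ['php', 'php3', 'php5', 'phtml', 'asp', 'aspx', 'cgi', 'pl'];
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return !in_array($ext, $denied, true);
}

// Allow-list style: the name must be a safe base name followed by exactly one
// extension, and that extension must be in a short approved set.
function allowlist_allows(string $name): bool
{
    $allowed = ['txt', 'png', 'jpg', 'gif', 'pdf'];
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,8})\z/', $name, $m)) {
        return false; // extra dots, path separators, control characters, empty parts
    }
    return in_array(strtolower($m[1]), $allowed, true);
}

// Store under a server-generated name so the client-supplied name never
// reaches the filesystem; only the validated extension is kept.
function storage_name(string $name): ?string
{
    if (!allowlist_allows($name)) {
        return null;
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names, including the double extension named in the summary.
$samples = ['notes.txt', 'page.php', 'page.php.txt', 'photo.JPG', 'a.phtml.png'];
foreach ($samples as $n) {
    printf(
        "%-14s denylist=%-6s allowlist=%-6s stored_as=%s\n",
        $n,
        denylist_allows($n) ? 'accept' : 'reject',
        allowlist_allows($n) ? 'accept' : 'reject',
        storage_name($n) ?? '(refused)'
    );
}
```

Serving the upload directory with script handlers disabled removes the remaining dependency on how the web server maps extensions to interpreters.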
References
EPSS Score
5% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved