Remote Code Execution Vulnerability in FCKeditor by FCKeditor
CVE-2006-0658

Currently unrated

Key Information:

Vendor

Fckeditor

Status
Fckeditor
Vendor
CVE Published:
13 February 2006

What is CVE-2006-0658?

An incomplete blacklist vulnerability exists in the connector.php file of FCKeditor versions 2.0 and 2.2. This flaw allows remote attackers to upload and execute arbitrary script files by utilizing specific file extensions that are not adequately filtered by the application's configuration. Attackers can manipulate the upload process, leveraging file extensions such as .php.txt to bypass security controls, potentially leading to unauthorized execution of code on the server.

References

http://retrogod.altervista.org/fckeditor_22_xpl.html
x_refsource_MISC
http://www.vupen.com/english/advisories/2006/0502
vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/archive/1/424708
mailing-listx_refsource_BUGTRAQ

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.