Directory Traversal Vulnerabilities in FCKeditor 2.0 FC by FCKeditor
CVE-2006-0921

Currently unrated

Key Information:

Vendor: Fckeditor
Status: Fckeditor
Vendor: CVE Published:; 28 February 2006

Summary

FCKeditor 2.0 FC has multiple directory traversal vulnerabilities in its connector.php file. Remote attackers can exploit these flaws by manipulating the CurrentFolder parameter through the use of '..' (dot dot) sequences. This exploitation allows unauthorized users to list and create arbitrary directories, potentially leading to further compromises within affected systems. Affected products like RunCMS could be at risk, particularly if properly implemented security measures are not in place.

References

http://securityreason.com/securityalert/484

third-party-advisoryx_refsource_SREASON

http://www.nsag.ru/vuln/952.html

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/24878

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Feb 28, 2006
Vulnerability Reserved
Feb 28, 2006