File Upload Vulnerability in FCKeditor by Froala
CVE-2006-2529
Currently unrated
Summary
FCKeditor versions prior to 2.3 Beta contain a serious flaw in the upload functionality. The vulnerability arises from inadequate validation of the 'Type' parameter in the file upload process, which lets remote attackers upload any file type without authorization. This exposes the system to threats such as malware installation and data breaches, since malicious users can potentially execute arbitrary scripts on the server. Users of affected versions should update to the latest release and implement proper security measures to mitigate the risks associated with this vulnerability.
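The following is an added example, not FCKeditor's code and not part of the original advisory, contrasting a fail-open check on an upload 'Type' parameter with a fail-closed one. It assumes the inadequate validation takes the form of an unrecognised Type selecting no extension rules at all; the names `ALLOWED_EXTENSIONS`, `weak_is_allowed`, `strict_is_allowed` and `disagreements`, and the policy values, are hypothetical.

```python
import os

# Constructed policy: which extensions each upload Type accepts (illustrative
# values, not FCKeditor's real configuration).
ALLOWED_EXTENSIONS = {
    "File": {"pdf", "txt", "zip"},
    "Image": {"png", "jpg", "jpeg", "gif"},
}

def _extension(filename):
    """Lower-cased final extension without the dot ('' if there is none)."""
    return os.path.splitext(filename)[1].lstrip(".").lower()

def weak_is_allowed(upload_type, filename):
    """Fail-open check: an unrecognised Type has no rule set to apply."""
    allowed = ALLOWED_EXTENSIONS.get(upload_type)
    if allowed is None:
        return True  # flaw: "no policy found" is treated as "no restriction"
    return _extension(filename) in allowed

def strict_is_allowed(upload_type, filename):
    """Fail-closed check: Type must be a known key before anything else runs."""
    if not isinstance(upload_type, str) or upload_type not in ALLOWED_EXTENSIONS:
        return False
    if not isinstance(filename, str) or any(c in filename for c in "/\\\x00"):
        return False  # no path components or NUL bytes in the stored name
    return _extension(filename) in ALLOWED_EXTENSIONS[upload_type]

def disagreements(samples):
    """Return the (Type, filename) pairs the weak check accepts but the strict one rejects."""
    return [s for s in samples if weak_is_allowed(*s) and not strict_is_allowed(*s)]

# Constructed requests, usable as a regression test for an upload handler.
SAMPLES = [
    ("Image", "photo.PNG"),      # valid: known Type, allowed extension
    ("Image", "script.php"),     # rejected by both: extension not allowed
    ("Unknown", "script.php"),   # accepted only by the weak check
    ("", "script.php"),          # empty Type: accepted only by the weak check
    ("Image", "../photo.png"),   # path component: strict check rejects
]

if __name__ == "__main__":
    for upload_type, name in disagreements(SAMPLES):
        print(f"fail-open accepted Type={upload_type!r} file={name!r}")
```

Running the same sample set against a real upload handler after upgrading is a quick way to confirm that unknown Type values are rejected rather than passed through.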