Lucene search
HistoryFeb 13, 2006 - 11:06 a.m.
CVE-2006-0658
cve-2006-0658
vulnerability
fckeditor
connector.php
runcms
remote attackers
arbitrary script
file upload
nvd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7 High
AI Score
Confidence
Low
0.031 Low
EPSS
Percentile
91.1%
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.
Affected configurations
Node
fckeditorfckeditorMatch2.0
ORfckeditorfckeditorMatch2.2
| CPE | Name | Operator | Version |
|---|---|---|---|
| fckeditor:fckeditor | fckeditor | eq | 2.0 |
| fckeditor:fckeditor | fckeditor | eq | 2.2 |
Related
prion
prion
Design/Logic Flaw
2006-02-13 11:06:00
Input validation
2007-06-11 22:30:00
Design/Logic Flaw
2006-05-22 23:10:00
nvd
nvd
debiancve
debiancve
cvelist
cvelist
cve
cve
ubuntucve
ubuntucve
CVE-2007-3163
2007-06-11 00:00:00
CVE-2007-5156
2007-10-01 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7 High
AI Score
Confidence
Low
0.031 Low
EPSS
Percentile
91.1%
Related for CVE-2006-0658