Lucene search
HistoryFeb 13, 2006 - 11:06 a.m.
CVE-2006-0658
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7 High
AI Score
Confidence
Low
0.031 Low
EPSS
Percentile
91.1%
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.
Affected configurations
Node
fckeditorfckeditorMatch2.0
ORfckeditorfckeditorMatch2.2
Related
debiancve
debiancve
cve
cve
prion
prion
Design/Logic Flaw
2006-02-13 11:06:00
Design/Logic Flaw
2006-05-22 23:10:00
Input validation
2007-06-11 22:30:00
cvelist
cvelist
ubuntucve
ubuntucve
CVE-2007-3163
2007-06-11 00:00:00
CVE-2007-5156
2007-10-01 00:00:00
nvd
nvd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7 High
AI Score
Confidence
Low
0.031 Low
EPSS
Percentile
91.1%
Related for NVD:CVE-2006-0658