CVE-2006-0658 - Remote Security vulnerability in Fckeditor 2.0/2.2

CVSS 5.0 - MEDIUM

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: NONE
  • Integrity impact: PARTIAL
  • Availability impact: NONE

Tags: network, low complexity, fckeditor, exploit available

Summary

Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in Config[DeniedExtensions][File], such as .php.txt.

Per CWE-184: Incomplete Blacklist (http://cwe.mitre.org/data/definitions/184.html).

Vulnerable Configurations

Part          Description   Count
Application   Fckeditor     2

Exploit-Db

  • description: FCKEditor 2.0. CVE-2006-0658. Webapps exploit for php platform
    id: EDB-ID:1484
    last seen: 2016-01-31
    modified: 2006-02-09
    published: 2006-02-09
    reporter: rgod
    source: https://www.exploit-db.com/download/1484/
    title: FCKEditor 2.0 <= 2.2 - FileManager - connector.php Remote Shell Upload Exploit
  • description: InoutMailingListManager <= 3.1 Remote Command Execution Exploit. CVE-2005-0613,CVE-2006-0658,CVE-2007-2002,CVE-2007-2003,CVE-2007-2004. Webapps exploit fo...
    file: exploits/php/webapps/3702.php
    id: EDB-ID:3702
    last seen: 2016-01-31
    modified: 2007-04-10
    platform: php
    port:
    published: 2007-04-10
    reporter: BlackHawk
    source: https://www.exploit-db.com/download/3702/
    title: InoutMailingListManager <= 3.1 - Remote Command Execution Exploit
    type: webapps