Lucene search
MitreCVE-2006-0658HistoryFeb 13, 2006 - 11:06 a.m.
CVE-2006-0658
2006-02-1311:06:00
mitre
web.nvd.nist.gov
35
cve-2006-0658
vulnerability
fckeditor
connector.php
runcms
remote attackers
arbitrary script
file upload
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
7
Confidence
Low
EPSS
0.031
Percentile
91.1%
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.
Affected configurations
Node
fckeditorfckeditorMatch2.0
ORfckeditorfckeditorMatch2.2
Related
debiancve
debiancve
cvelist
cvelist
prion
prion
Design/Logic Flaw
2006-02-13 11:06:00
Design/Logic Flaw
2006-05-22 23:10:00
Input validation
2007-06-11 22:30:00
nvd
nvd
exploitdb
exploitdb
FCKEditor 2.0 < 2.2 - 'FileManager connector.php' Arbitrary File Upload
2006-02-09 00:00:00
InoutMailingListManager 3.1 - Remote Command Execution
2007-04-10 00:00:00
ubuntucve
ubuntucve
CVE-2007-3163
2007-06-11 00:00:00
CVE-2007-5156
2007-10-01 00:00:00
cve
cve
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
7
Confidence
Low
EPSS
0.031
Percentile
91.1%
Related for CVE-2006-0658