Lucene search
HistoryFeb 13, 2006 - 11:06 a.m.
CVE-2006-0658
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
7
Confidence
Low
EPSS
0.031
Percentile
91.1%
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.
Affected configurations
Node
fckeditorfckeditorMatch2.0
ORfckeditorfckeditorMatch2.2
Related
debiancve
debiancve
cvelist
cvelist
prion
prion
Design/Logic Flaw
2006-02-13 11:06:00
Design/Logic Flaw
2006-05-22 23:10:00
Input validation
2007-06-11 22:30:00
exploitdb
exploitdb
FCKEditor 2.0 < 2.2 - 'FileManager connector.php' Arbitrary File Upload
2006-02-09 00:00:00
InoutMailingListManager 3.1 - Remote Command Execution
2007-04-10 00:00:00
cve
cve
ubuntucve
ubuntucve
CVE-2007-3163
2007-06-11 00:00:00
CVE-2007-5156
2007-10-01 00:00:00
nvd
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
7
Confidence
Low
EPSS
0.031
Percentile
91.1%
Related for NVD:CVE-2006-0658