Lucene search
HistoryMay 22, 2006 - 11:10 p.m.
CVE-2006-2529
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.5
Confidence
Low
EPSS
0.031
Percentile
91.1%
editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658.
Affected configurations
Node
fckeditorfckeditorMatch2.2
Related
cvelist
cvelist
cve
cve
prion
prion
Design/Logic Flaw
2006-05-22 23:10:00
Design/Logic Flaw
2007-10-01 05:17:00
Design/Logic Flaw
2006-02-13 11:06:00
debiancve
debiancve
ubuntucve
ubuntucve
CVE-2007-5156
2007-10-01 00:00:00
CVE-2007-3163
2007-06-11 00:00:00
nvd
nvd
nessus
nessus
FCKeditor upload.php Type Parameter Arbitrary File Upload
2006-05-19 00:00:00
exploitdb
exploitdb
FCKEditor 2.0 < 2.2 - 'FileManager connector.php' Arbitrary File Upload
2006-02-09 00:00:00
InoutMailingListManager 3.1 - Remote Command Execution
2007-04-10 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.5
Confidence
Low
EPSS
0.031
Percentile
91.1%
Related for NVD:CVE-2006-2529