Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2008-6178
HistoryFeb 19, 2009 - 4:30 p.m.

CVE-2008-6178

2009-02-1916:30:00
CWE-94
[email protected]
web.nvd.nist.gov
4

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.059

Percentile

93.6%

JSON

Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd
Node
fckeditorfckeditorMatch2.0rc2
OR
fckeditorfckeditorMatch2.0rc3
OR
fckeditorfckeditorMatch2.2
OR
fckeditorfckeditorMatch2.3beta
OR
fckeditorfckeditorMatch2.4.3
OR
phplistphplistMatch2.10.1
OR
phplistphplistMatch2.10.2
OR
phplistphplistMatch2.10.3
OR
phplistphplistMatch2.10.4
OR
phplistphplistMatch2.10.5
OR
phplistphplistMatch2.10.6
VendorProductVersionCPE
fckeditorfckeditor2.0rc2cpe:2.3:a:fckeditor:fckeditor:2.0rc2:*:*:*:*:*:*:*
fckeditorfckeditor2.0rc3cpe:2.3:a:fckeditor:fckeditor:2.0rc3:*:*:*:*:*:*:*
fckeditorfckeditor2.2cpe:2.3:a:fckeditor:fckeditor:2.2:*:*:*:*:*:*:*
fckeditorfckeditor2.3betacpe:2.3:a:fckeditor:fckeditor:2.3beta:*:*:*:*:*:*:*
fckeditorfckeditor2.4.3cpe:2.3:a:fckeditor:fckeditor:2.4.3:*:*:*:*:*:*:*
phplistphplist2.10.1cpe:2.3:a:phplist:phplist:2.10.1:*:*:*:*:*:*:*
phplistphplist2.10.2cpe:2.3:a:phplist:phplist:2.10.2:*:*:*:*:*:*:*
phplistphplist2.10.3cpe:2.3:a:phplist:phplist:2.10.3:*:*:*:*:*:*:*
phplistphplist2.10.4cpe:2.3:a:phplist:phplist:2.10.4:*:*:*:*:*:*:*
phplistphplist2.10.5cpe:2.3:a:phplist:phplist:2.10.5:*:*:*:*:*:*:*
Rows per page:
1-10 of 111

Related

cve 2
ubuntucve 1
prion 1
cvelist 2
seebug 1
exploitdb 2
nvd 1
checkpoint_advisories 1
cve
cve
CVE-2008-6178
2009-02-19 16:30:00
CVE-2005-4094
2005-12-08 11:03:00
ubuntucve
ubuntucve
CVE-2008-6178
2009-02-19 00:00:00
prion
prion
Unrestricted file upload
2009-02-19 16:30:00
cvelist
cvelist
CVE-2008-6178
2009-02-19 16:00:00
CVE-2005-4094
2005-12-08 11:00:00
seebug
seebug
FCKeditor connector.phpδ»»ζ„ζ–‡δ»ΆδΈŠδΌ ζΌζ΄ž
2009-02-20 00:00:00
exploitdb
exploitdb
Falt4 CMS RC4 - 'FCKeditor' Arbitrary File Upload
2009-02-16 00:00:00
Nuke ET 3.4 - 'FCKeditor' Arbitrary File Upload
2008-10-18 00:00:00
nvd
nvd
CVE-2005-4094
2005-12-08 11:03:00
checkpoint_advisories
checkpoint_advisories
Adobe ColdFusion FCKeditor Input Validation Flaw Arbitrary File Upload (CVE-2008-6178; CVE-2009-2265)
2014-11-17 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.059

Percentile

93.6%

JSON
Related for NVD:CVE-2008-6178
cve2ubuntucve1prion1cvelist2seebug1exploitdb2nvd1checkpoint_advisories1