Lucene search
K
CksourceCkfinder

4 matches found

CVE
CVE
added 2019/09/26 8:50 p.m.141 views

CVE-2019-15862

The CVE-2019-15862 issue affects CKFinder up to 2.6.2.1 across CKFinder for ASP, ASP.NET, ColdFusion, and PHP. The root cause is improper checks of file names that allow uploads of files without an extension even when a defined set of extensions is configured. Impact is remote unauthenticated upl...

7.5CVSS7.5AI score0.01523EPSS
CVE
CVE
added 2019/09/26 8:56 p.m.141 views

CVE-2019-15891

CKFinder versions ≤ 2.6.2.1 and ≤ 3.5.0 are affected by a documentation issue that could mislead users into believing there is built‑in bulletproof content sniffing protection. The root cause is misleading documentation rather than a code flaw disclosed in these sources. Publicly available refere...

5.3CVSS5.1AI score0.01093EPSS
CVE
CVE
added 2025/12/05 12:0 a.m.21 views

CVE-2016-20023

CKSource CKFinder for ASP.NET versions before 2.5.0.1 are affected. An authenticated user could download arbitrary server files by supplying the correct path, indicating an insecure path/file access mechanism. The issue impacts CKFinder’s file download functionality and could expose confidential ...

6.5CVSS6.3AI score0.003EPSS
CVE
CVE
added 2025/11/14 12:0 a.m.15 views

CVE-2025-63830

CKFinder 1.4.3 is affected by a Cross Site Scripting (XSS) vulnerability in the File Upload feature. An attacker can upload a crafted SVG that contains active content, potentially executing script in the context of a user’s browser. This affects the CKFinder 1.4.3 release as described across mult...

6.1CVSS5.9AI score0.00231EPSS