4 matches found
CVE-2019-15862
The CVE-2019-15862 issue affects CKFinder up to 2.6.2.1 across CKFinder for ASP, ASP.NET, ColdFusion, and PHP. The root cause is improper checks of file names that allow uploads of files without an extension even when a defined set of extensions is configured. Impact is remote unauthenticated upl...
CVE-2019-15891
CKFinder versions ≤ 2.6.2.1 and ≤ 3.5.0 are affected by a documentation issue that could mislead users into believing there is built‑in bulletproof content sniffing protection. The root cause is misleading documentation rather than a code flaw disclosed in these sources. Publicly available refere...
CVE-2016-20023
CKSource CKFinder for ASP.NET versions before 2.5.0.1 are affected. An authenticated user could download arbitrary server files by supplying the correct path, indicating an insecure path/file access mechanism. The issue impacts CKFinder’s file download functionality and could expose confidential ...
CVE-2025-63830
CKFinder 1.4.3 is affected by a Cross Site Scripting (XSS) vulnerability in the File Upload feature. An attacker can upload a crafted SVG that contains active content, potentially executing script in the context of a user’s browser. This affects the CKFinder 1.4.3 release as described across mult...