Vulnerability Description
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fckeditor | Fckeditor | 2.0 |
References
- http://retrogod.altervista.org/fckeditor_22_xpl.htmlExploit
- http://secunia.com/advisories/18767Vendor Advisory
- http://www.securityfocus.com/archive/1/424708Exploit
- http://www.vupen.com/english/advisories/2006/0502Vendor Advisory
- https://www.exploit-db.com/exploits/3702
- http://retrogod.altervista.org/fckeditor_22_xpl.htmlExploit
- http://secunia.com/advisories/18767Vendor Advisory
- http://www.securityfocus.com/archive/1/424708Exploit
- http://www.vupen.com/english/advisories/2006/0502Vendor Advisory
- https://www.exploit-db.com/exploits/3702
FAQ
What is CVE-2006-0658?
CVE-2006-0658 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the fil...
How severe is CVE-2006-0658?
CVE-2006-0658 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0658?
Check the references section above for vendor advisories and patch information. Affected products include: Fckeditor Fckeditor.