Vulnerability Description
Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Frederico Caldeira Knabben | Fckeditor | 2.4.2 |
References
- http://ha.ckers.org/blog/20070606/additional-image-bypass-on-windows/
- http://osvdb.org/37554
- http://secunia.com/advisories/25719
- http://secunia.com/advisories/25923
- http://sourceforge.net/project/shownotes.php?release_id=520159
- http://www.bitchiller.de/?p=20URL Repurposed
- http://www.securityfocus.com/bid/24510
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34982
- http://ha.ckers.org/blog/20070606/additional-image-bypass-on-windows/
- http://osvdb.org/37554
- http://secunia.com/advisories/25719
- http://secunia.com/advisories/25923
- http://sourceforge.net/project/shownotes.php?release_id=520159
- http://www.bitchiller.de/?p=20URL Repurposed
- http://www.securityfocus.com/bid/24510
FAQ
What is CVE-2007-3163?
CVE-2007-3163 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demon...
How severe is CVE-2007-3163?
CVE-2007-3163 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3163?
Check the references section above for vendor advisories and patch information. Affected products include: Frederico Caldeira Knabben Fckeditor.