← volver
CVE-2006-0658

CVE-2006-0658

EPSS 6.7%
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.
Productos afectados
n/a · n/a
PoCs públicas encontradas2
exploitdbwww.exploit-db.com/exploits/1484no verificadocve_referencewww.exploit-db.com/exploits/3702no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://retrogod.altervista.org/fckeditor_22_xpl.htmlhttp://secunia.com/advisories/18767https://www.exploit-db.com/exploits/3702http://www.securityfocus.com/archive/1/424708http://www.vupen.com/english/advisories/2006/0502