CVE-2006-0658
Published: Feb 13, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
http://retrogod.altervista.org/fckeditor_22_xpl.html (x_refsource_MISC)
ADV-2006-0502 (vdb-entry, x_refsource_VUPEN)
20060209 runCMS <= 1.3a2 possible remote code execution through the integrated FCKEditor package (mailing-list, x_refsource_BUGTRAQ)
18767 (third-party-advisory, x_refsource_SECUNIA)
3702 (exploit, x_refsource_EXPLOIT-DB)