5

CVE-2006-0658

Exploit

EPSS 5.68%
Veröffentlicht 13.02.2006 11:06:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fckeditor ≫ Fckeditor Version2.0

Fckeditor ≫ Fckeditor Version2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.68%	0.894

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://retrogod.altervista.org/fckeditor_22_xpl.html

Exploit

http://secunia.com/advisories/18767

Vendor Advisory

http://www.securityfocus.com/archive/1/424708

Exploit

http://www.vupen.com/english/advisories/2006/0502

Vendor Advisory

https://www.exploit-db.com/exploits/3702

https://nvd.nist.gov/vuln/detail/CVE-2006-0658

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0658

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0658

EUVD