Cksource

Ckfinder

4 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2016-20023

  • EPSS 0.06%
  • Veröffentlicht 05.12.2025 06:16:03
  • Zuletzt bearbeitet 17.12.2025 16:09:10

In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided.

6.1

CVE-2025-63830

Exploit
  • EPSS 0.02%
  • Veröffentlicht 14.11.2025 00:00:00
  • Zuletzt bearbeitet 19.11.2025 13:20:11

CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.

7.5

CVE-2019-15862

  • EPSS 0.37%
  • Veröffentlicht 26.09.2019 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:29:37

An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the application was configured to accept files only with a defined set of extensions). This affe...

5.3

CVE-2019-15891

  • EPSS 0.36%
  • Veröffentlicht 26.09.2019 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:29:40

An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletproof content sniffing protection.