[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FCKEditor File Upload Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: FCKEditor File Upload Vulnerability
From: bugreport@xxxxxxxxxxxx
Date: Tue, 11 Dec 2012 23:56:50 GMT

- Description:
There is no validation on the extensions when FCKEditor 2.6.8 ASP version is
dealing with the duplicate files. As a result, it is possible to bypass
the protection and upload a file with any extension.

- Reference: http://www.exploit-db.com/exploits/23005/

vulnerable versions: prior to 2.6.9

Vendor Response: 
http://ckeditor.com/forums/Announcements/FCKeditor-2.6.9-Released

Prev by Date: File Upload Concern in Front Account 2.3.13 and OpenDocMan 1.2.6.2
Next by Date: Network Reconnaissance in IPv6 Networks
Previous by thread: File Upload Concern in Front Account 2.3.13 and OpenDocMan 1.2.6.2
Next by thread: Network Reconnaissance in IPv6 Networks
Index(es):
- Date
- Thread