CVE-2006-0658

Published: Feb 13, 2006Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.

Affected (2)

Products: Fckeditor: Fckeditor

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fckeditor Fckeditor	Version 2.0
Fckeditor Fckeditor	Version 2.2

References (10)

http://retrogod.altervista.org/fckeditor_22_xpl.html

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/18767

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/424708

Source: cve@mitre.org

Exploit

http://www.vupen.com/english/advisories/2006/0502

Source: cve@mitre.org

Vendor Advisory

https://www.exploit-db.com/exploits/3702

Source: cve@mitre.org

http://retrogod.altervista.org/fckeditor_22_xpl.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://secunia.com/advisories/18767

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/archive/1/424708

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.vupen.com/english/advisories/2006/0502

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.exploit-db.com/exploits/3702

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.