Ckfinder

ckfinder

Vendor: Cksource • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-20023 1Cksource 1Ckfinder Dec 17, 2025 Dec 5, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided.
CVE-2025-63830 1Cksource 1Ckfinder Nov 19, 2025 Nov 14, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.
CVE-2019-15891 1Cksource 1Ckfinder Jun 17, 2026 Sep 26, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletproof content sniffing pro...Show more An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletproof content sniffing protection.Show less
CVE-2019-15862 1Cksource 1Ckfinder Jun 17, 2026 Sep 26, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the application was configured to accept files only with a defined...Show more An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the application was configured to accept files only with a defined set of extensions). This affects CKFinder for ASP, CKFinder for ASP.NET, CKFinder for ColdFusion, and CKFinder for PHP.Show less