Home page logo

bugtraq logo Bugtraq mailing list archives

FCKEditor File Upload Vulnerability
From: bugreport () itguard info
Date: Tue, 11 Dec 2012 23:56:50 GMT

- Description:
There is no validation on the extensions when FCKEditor 2.6.8 ASP version is
dealing with the duplicate files. As a result, it is possible to bypass
the protection and upload a file with any extension.

- Reference: http://www.exploit-db.com/exploits/23005/

vulnerable versions: prior to 2.6.9

Vendor Response: http://ckeditor.com/forums/Announcements/FCKeditor-2.6.9-Released

  By Date           By Thread  

Current thread:
  • FCKEditor File Upload Vulnerability bugreport (Dec 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]