Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-02-13T11:00:00

Updated: 2024-08-07T16:41:29.139Z

Reserved: 2006-02-13T00:00:00

Link: CVE-2006-0658

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2006-02-13T11:06:00.000

Modified: 2024-11-21T00:07:01.510

Link: CVE-2006-0658

cve-icon Redhat

No data.