|
 |
|
FCKeditor Multiple Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA20122
|
|
|
Release Date:
|
2006-05-18
|
|
Last Update:
|
2006-05-25
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Security Bypass
Exposure of system information
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | FCKeditor 2.x
|
| | CVE reference: | CVE-2006-2529 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Some vulnerabilities have been reported in FCKeditor, which can be exploited by malicious people to disclose system information, bypass certain security restrictions, and potentially compromise a vulnerable system.
1) An input validation error in the processing of file uploads can be exploited to upload arbitrary scripts by defining an invalid value for the "Type" parameter when uploading a file via "editor/filemanager/upload/php/upload.php".
Successful exploitation requires that file uploads have been enabled in the "config.php" configuration file (not enabled by default).
The vulnerability has been confirmed in version 2.2. Prior versions may also be affected.
2) Input passed to the "CurrentFolder" parameter in "connector.php" isn't properly verified before being used. This can be exploited to disclose the content of arbitrary directories and create directories in arbitrary locations via directory traversal attacks.
The vulnerability has been reported in version 2.0. Other versions may also be affected.
3) An input validation error in the file upload processing can be exploited to upload arbitrary scripts via "connector.php" by appending a dot on the filename.
The vulnerability has been reported in version 2.2. Other versions may also be affected.
Solution:
The vulnerabilities have been fixed in version 2.3 Beta.
Provided and/or discovered by:
1) Reported by the vendor.
2-3) NSA Group
Changelog:
2006-05-22: Updated advisory.
2006-05-25: Added CVE reference.
Original Advisory:
2) http://www.nsag.ru/vuln/952.html
3) http://www.nsag.ru/vuln/893.html
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
3 Related Secunia Security Advisories
|
|
|
1. FCKEditor PHP File Upload Vulnerability
|
|
2. FCKeditor ADS File Upload Vulnerability
|
|
3. FCKeditor File Upload Vulnerability
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
