vendor: fckeditor
by: Mr.MLL
CVSS: 9.3 (HIGH)
Remote Arbitrary File Upload
CWE: 434
Product Name: fckeditor
Affected Version From: All
Affected Version To: All
Patch Exists: Yes
Related CWE: N/A
CPE: a:fckeditor:fckeditor
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010
CMS (fckeditor) Remote Arbitrary File Upload Exploit
A vulnerability exists in fckeditor, which allows an attacker to upload arbitrary files to the server. The vulnerability is due to the lack of authentication when uploading files. An attacker can exploit this vulnerability by sending a malicious file to the server and then accessing it directly. This can lead to the execution of arbitrary code on the server.
Mitigation:
The vendor should implement authentication when uploading files, and should also restrict the types of files that can be uploaded.