Short Name | APP:FCKEDITOR-RCE-UPLOAD
Severity | Major
Recommended | No
Recommended Action | Drop
Category | APP
Keywords | FCKeditor Arbitrary File Upload Code Execution
Release Date | 2011/11/01
Update Number | 2021
Supported Platforms | idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
APP: FCKeditor Arbitrary File Upload Code Execution
This signature detects attempts to exploit a known flaw in FCKeditor. FCKeditor is a web-based, open-source HTML text editor. A successful attack could result in arbitrary code execution.
Extended Description
FCKeditor is prone to a vulnerability that lets attackers upload arbitrary files because it fails to adequately sanitize user-supplied input.
An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
Versions prior to FCKeditor 2.6.4.1 are vulnerable.
Affected Products
- Adobe coldfusion 8.0
- Adobe coldfusion 8.0.1
- Alexscriptengine article-engine 1.3.0
- Alexscriptengine news-engine 1.5.1
- Clansphere clansphere 2008
- Clansphere clansphere 2008.2.1
- Clansphere clansphere 2009.0
- Clansphere clansphere 2009.0.1
- Debian linux 5.0
- Debian linux 5.0 Alpha
- Debian linux 5.0 Amd64
- Debian linux 5.0 Arm
- Debian linux 5.0 Armel
- Debian linux 5.0 Hppa
- Debian linux 5.0 Ia-32
- Debian linux 5.0 Ia-64
- Debian linux 5.0 M68k
- Debian linux 5.0 Mips
- Debian linux 5.0 Mipsel
- Debian linux 5.0 Powerpc
- Debian linux 5.0 S/390
- Debian linux 5.0 Sparc
- Dokeos dokeos 1.8.5
- Dokeos dokeos 1.8.6
- Falt4_cms falt4_extreme RC4
- Fckeditor fckeditor 2.0.0 rc2
- Fckeditor fckeditor 2.0.0 rc3
- Fckeditor fckeditor 2.2
- Fckeditor fckeditor 2.3 beta
- Fckeditor fckeditor 2.4.3
- Fckeditor fckeditor 2.6.4
- Knowledgeroot knowledgebase 0.9.9.5
- Nakid nakid_cms 0.5.2
- Phplist phplist 2.10.1
- Phplist phplist 2.10.2
- Phplist phplist 2.10.3
- Phplist phplist 2.10.4
- Phplist phplist 2.10.5
- Phplist phplist 2.10.6
- Php-nuke php-nuke 8.2
- Red_hat fedora 10
- Red_hat fedora 11
- Tru-zone nukeet 3.4
- Xtcmodified_ecommerce_shopsoftware xtcmodified 1.04
- Zope zope.html 1.1.0