Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2006-0658

Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.

Related bugs and status

CVE-2006-0658 (Candidate) is related to these bugs:

Bug #31728: moin 1.5 should require or suggest python-xml for DocBook rendering

Summary				In	Importance	Status
	31728	moin 1.5 should require or suggest python-xml for DocBook rendering		moin (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://retrogod.alterv...
SECUNIA: 18767
BUGTRAQ: 20060209 runCMS <= 1.3...
VUPEN: ADV-2006-0502
EXPLOIT-DB: 3702