CVE-2006-0658
First published: Mon Feb 13 2006(Updated: )
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wicked | =2.0 | |
| Wicked | =2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-0658?
CVE-2006-0658 is considered a high severity vulnerability due to its potential for remote code execution.
How do I fix CVE-2006-0658?
To fix CVE-2006-0658, ensure that the DeniedExtensions configuration in FCKeditor includes all potential script file extensions.
What versions of FCKeditor are affected by CVE-2006-0658?
FCKeditor versions 2.0 and 2.2 are affected by CVE-2006-0658.
What type of vulnerability is CVE-2006-0658?
CVE-2006-0658 represents an incomplete blacklist vulnerability allowing unauthorized file uploads.
Can CVE-2006-0658 lead to data breaches?
Yes, CVE-2006-0658 can lead to data breaches if attackers upload and execute malicious scripts.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/fckeditor
- canonical/wicked
- version/wicked/2.0
- version/wicked/2.2