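Vulnerability title
N/A
Vulnerability description
Unauthorized file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to create a file with PHP sequences preceded by a ZIP archive header, upload this file via a FileUpload action with the application/zip content type, and then access this file via a direct request to the file in the UserFiles/File/ directory; possibly related to CVE-2005-4094. NOTE: some of these details are obtained from third-party information.
CVSS information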
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability category
N/A
Vulnerability title
N/A
Vulnerability description
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information.
CVSS information
N/A
Vulnerability category
N/A
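Vulnerability title
FCKeditor connector.php arbitrary file upload vulnerability
Vulnerability description
CKSource FCKeditor (now called CKEditor) is an open-source, web-based text editor from the Polish company CKSource. The editor is lightweight and easy to install. The editor/filemanager/browser/default/connectors/php/connector.php module of FCKeditor contains a file upload restriction vulnerability:
function FileUpload( $resourceType, $currentFolder )
{
$sErrorNumber = '
CVSS information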
N/A
Vulnerability category
Code injection