Bugtraq mailing list archives
FCKEditor File Upload Vulnerability
From: bugreport () itguard info
Date: Tue, 11 Dec 2012 23:56:50 GMT
- Description: There is no validation on the extensions when FCKEditor 2.6.8 ASP version is dealing with the duplicate files. As a result, it is possible to bypass the protection and upload a file with any extension. - Reference: http://www.exploit-db.com/exploits/23005/ vulnerable versions: prior to 2.6.9 Vendor Response: http://ckeditor.com/forums/Announcements/FCKeditor-2.6.9-Released
Current thread:
- FCKEditor File Upload Vulnerability bugreport (Dec 13)