| VID |
21873 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The FCKeditor addon for PHP-Nuke is vulnerable to an arbitrary file upload vulnerability. FCKeditor is an HTML text editor written by PHP. FCKeditor version 2.0 RC2 and possibly earlier versions could allow a remote attacker to upload arbitrary files and execute arbitrary commands on the affected host.
* Note: This check solely relied on the version number of FCKeditor addon for PHP-Nuke on the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://www.securitytracker.com/alerts/2005/Feb/1013320.html
* Platforms Affected:
FCKeditor versions prior to 2.0 RC3
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of FCKeditor (2.0 RC3 or later), available from the FCKeditor Web site at http://www.fckeditor.net/ |
| Related URL |
CVE-2005-0613 (CVE) |
| Related URL |
12676 (SecurityFocus) |
| Related URL |
19564 (ISS) |
|
