FCKeditor ''Type'' Parameter File Upload Vulnerability

Welcome to nukeSEO.com !	Home News Stories Archive Forums Forums Unanswered Posts Modules Content Downloads Encyclopedia FAQ Feeds Tutorials Web Links Your Account Login Register Site Info Sitemap

nukeNAV

Recent Tutorials

Installing nukeSEO

PHP-Nuke and robots.txt

Tutorials

Feeds

FCKeditor ''Type'' Parameter File Upload Vulnerability

From [url=http://secunia.com/advisories/20122/]Secunia[/url]:

A vulnerability has been discovered in FCKeditor, which potentially can be exploited by malicious people to compromise a vulnerable system.

Fortunately, this should not impact nukeWYSIWYG or RavenNuke users unless the default NukeUser authority has been changed to admin level, which allows uploads.
The vulnerability is caused due to an input validation error in the processing of file uploads. This can be exploited to upload arbitrary scripts by defining an invalid value for the "Type" parameter when uploading a file via "editor/filemanager/upload/php/upload.php".


	Posted on Thursday, May 18, 2006 @ 18:05:39 CDT by kguske

Rate This

Sorry, Comments are not available for this article.

News ©

Page Generation: 0.03 Seconds