CVE-2006-0658
published 2006-02-13

Priority: P3, 38
Severity: medium, 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 6.74% (93.1th percentile)

Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.

Affected

7 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cardinal_cms_project | cardinal_cms | | |
| fckeditor | fckeditor | | |
| fckeditor | fckeditor | | |
| frederico_caldeira_knabben | fckeditor | | |
| redlinesoft | lanai_cms | <= 1.2.16 | |
| sitex_cms_project | sitex_cms | | |
| syntax_cms_project | syntax_cms | <= 1.3 | |

CVSS provenance

nvd: v2.0, 5.0 MEDIUM, AV:N/AC:L/Au:N/C:N/I:P/A:N
osv: 5.0 MEDIUM
vulncheck: 5.0 MEDIUM