CVE-2006-2529
published 2006-05-22


Priority: P2 69 medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
ITW: VulnCheck KEV, Exploited in the wild
EPSS: 2.42% (82.1 percentile)
editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658.

Affected

5 ranges

Vendor              | Product      | Version range | Fixed in
cardinal_cms_project | cardinal_cms |               |
fckeditor           | fckeditor    |               |
redlinesoft         | lanai_cms    | <= 1.2.16     |
sitex_cms_project   | sitex_cms    |               |
syntax_cms_project  | syntax_cms   | <= 1.3        |

Detection & IOCs (extracted from sources)

path: editor/filemanager/upload/php/upload.php
  • Detect upload attempts to FCKeditor's upload.php where the uploaded filename contains '.php.' followed by an arbitrary extension (e.g., '.php.xyz'), which Apache interprets as a PHP file and executes.
  • The vulnerability is an incomplete blacklist in FCKeditor's upload handler; the blacklist fails to block filenames containing '.php.' with an arbitrary trailing extension, meaning any blacklist-based fix must account for this pattern specifically.
  • This is a distinct vulnerability from CVE-2006-0658 and CVE-2006-2529, so detection rules targeting those CVEs will not cover this bypass technique.

CVSS provenance

nvd: v2.0, 5.0 MEDIUM, AV:N/AC:L/Au:N/C:N/I:P/A:N
osv: 5.0 MEDIUM
vulncheck: 5.0 MEDIUM