CVE-2006-2529
published 2006-05-22CVE-2006-2529: editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows…
PriorityP269medium5CVSS 2.0
AVNACLAuNCNIPAN
ITWVulnCheck KEV
Exploited in the wild
EPSS
2.42%
82.1th percentile
editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cardinal_cms_project | cardinal_cms | — | — |
| fckeditor | fckeditor | — | — |
| redlinesoft | lanai_cms | <= 1.2.16 | — |
| sitex_cms_project | sitex_cms | — | — |
| syntax_cms_project | syntax_cms | <= 1.3 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect upload attempts to FCKeditor's upload.php where the uploaded filename contains '.php.' followed by an arbitrary extension (e.g., '.php.xyz'), which Apache interprets as a PHP file and executes. ↗
- ·The vulnerability is an incomplete blacklist in FCKeditor's upload handler; the blacklist fails to block filenames containing '.php.' with an arbitrary trailing extension, meaning any blacklist-based fix must account for this pattern specifically. ↗
- ·This is a distinct vulnerability from CVE-2006-0658 and CVE-2006-2529, so detection rules targeting those CVEs will not cover this bypass technique. ↗
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
osv5.0MEDIUM
vulncheck5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-p57r-mjxp-9www: Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2007-5156 [MEDIUM] GHSA-p57r-mjxp-9www: Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload
Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
GHSA
GHSA-h3c2-83qf-r2j9: editor/filemanager/upload/php/upload
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2006-2529 [MEDIUM] GHSA-h3c2-83qf-r2j9: editor/filemanager/upload/php/upload
editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658.
OSV
CVE-2007-5156: Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload
osv·2007-10-01·CVSS 5.0
CVE-2007-5156 [MEDIUM] CVE-2007-5156: Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload
Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
VulnCheck
FCKeditor before 2.3 Beta editor/filemanager/upload/php/upload.php Arbitrary File Upload
vulncheck·2006·CVSS 5.0
CVE-2006-2529 [MEDIUM] FCKeditor before 2.3 Beta editor/filemanager/upload/php/upload.php Arbitrary File Upload
FCKeditor before 2.3 Beta editor/filemanager/upload/php/upload.php Arbitrary File Upload
editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658.
Affected: fckeditor fckeditor
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.labs.greynoise.io/grimoire/2024-03-28-panning-for-gold/
No detection rules found.
No public exploits indexed.
http://secunia.com/advisories/20122http://www.fckeditor.net/whatsnew/default.htmlhttp://www.osvdb.org/25631http://www.securityfocus.com/bid/18029http://www.vupen.com/english/advisories/2006/1856http://secunia.com/advisories/20122http://www.fckeditor.net/whatsnew/default.htmlhttp://www.osvdb.org/25631http://www.securityfocus.com/bid/18029http://www.vupen.com/english/advisories/2006/1856
2006-05-22
Published
Exploited in the wild