CVE-2007-3163
N/A
N/A
Summary
Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34982
- http://ha.ckers.org/blog/20070606/additional-image-bypass-on-windows/
- http://secunia.com/advisories/25719
- http://secunia.com/advisories/25923
- http://osvdb.org/37554
- http://www.bitchiller.de/?p=20
- http://sourceforge.net/project/shownotes.php?release_id=520159
- http://www.securityfocus.com/bid/24510
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34982
- http://ha.ckers.org/blog/20070606/additional-image-bypass-on-windows/
- http://secunia.com/advisories/25719
- http://secunia.com/advisories/25923
- http://osvdb.org/37554
- http://www.bitchiller.de/?p=20
- http://sourceforge.net/project/shownotes.php?release_id=520159
- http://www.securityfocus.com/bid/24510
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.