FCKeditor 'CurrentFolder' Parameter Arbitrary File Upload Vulnerability

Bugtraq ID: 31812
Class: Input Validation Error
CVE: CVE-2009-2265
Remote: Yes
Local: No
Published: Oct 18 2008 12:00AM
Updated: May 23 2011 05:21AM
Credit: EgiX and Batter
Vulnerable: Zope Zope.html 1.1
xtcModified eCommerce Shopsoftware xtcModified 1.04
Tru-Zone NukeET 3.4
Red Hat Fedora 11
Red Hat Fedora 10
PHPList PHPList 2.10.6
PHPList PHPList 2.10.5
PHPList PHPList 2.10.4
PHPList PHPList 2.10.3
PHPList PHPList 2.10.2
PHPList PHPList 2.10.1
PHP-Nuke PHP-Nuke 8.2
Nakid Nakid CMS 0.5.2
Knowledgeroot Knowledgebase 0.9.9 5
FCKeditor FCKeditor 2.6.4
FCKeditor FCKeditor 2.4.3
FCKeditor FCKeditor 2.0 rc3
FCKeditor FCKeditor 2.0 RC2
FCKeditor FCKeditor 2.3 beta
FCKeditor FCKeditor 2.2
Falt4 CMS Falt4 Extreme RC4
Dokeos Dokeos 1.8.6
Dokeos Dokeos 1.8.5
Debian Linux 5.0 sparc
Debian Linux 5.0 s/390
Debian Linux 5.0 powerpc
Debian Linux 5.0 mipsel
Debian Linux 5.0 mips
Debian Linux 5.0 m68k
Debian Linux 5.0 ia-64
Debian Linux 5.0 ia-32
Debian Linux 5.0 hppa
Debian Linux 5.0 armel
Debian Linux 5.0 arm
Debian Linux 5.0 amd64
Debian Linux 5.0 alpha
Debian Linux 5.0
Clansphere Clansphere 2009.0.1
Clansphere Clansphere 2008.2.1
Clansphere Clansphere 2009.0
Clansphere Clansphere 2008
Alexscriptengine News-Engine 1.5.1
Alexscriptengine Article-Engine 1.3
Adobe ColdFusion 8.0.1
Adobe ColdFusion 8.0
Not Vulnerable: Zope Zope.html 1.2
PHPList PHPList 2.10.7
FCKeditor FCKeditor 2.6.4 .1
Clansphere Clansphere 2009.0.2


 

Privacy Statement
Copyright 2010, SecurityFocus