- Description
- Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cardinal_cms_project:cardinal_cms:1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C9ECB0B-59AF-4366-96AB-F58ED444E4BE"
},
{
"criteria": "cpe:2.3:a:redlinesoft:lanai_cms:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EF3214CD-E007-40CF-821D-EDD2BAA13C90",
"versionEndIncluding": "1.2.16"
},
{
"criteria": "cpe:2.3:a:sitex_cms_project:sitex_cms:0.7.3:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6225A425-A386-490F-9E51-6F8A2DCFAB9E"
},
{
"criteria": "cpe:2.3:a:syntax_cms_project:syntax_cms:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D3AA53A-BA25-4395-86C2-9ED679BD4292",
"versionEndIncluding": "1.3"
}
],
"operator": "OR"
}
]
}
]