Family: CGI abuses --> Category: destructive_attack
FCKeditor Arbitrary File Upload Vulnerability Vulnerability Scan
Vulnerability Scan Summary: Tries to upload a file with PHP code using FCKeditor
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by
an arbitrary file upload vulnerability.
Description :
The version of FCKeditor installed on the remote host allows an
unauthenticated attacker to upload arbitrary files containing, say,
PHP code, and then to execute them subject to the rights of the
web server user id.
See also :
http://www.fckeditor.net/whatsnew/default.html
Solution :
Either edit 'editor/filemanager/upload/php/config.php' to disable file
uploads or upgrade to FCKeditor 2.3beta or later.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:N/I:P/A:N/B:N)