Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: CGI abuses --> Category: destructive_attack

FCKeditor Arbitrary File Upload Vulnerability Vulnerability Scan


Vulnerability Scan Summary
Tries to use upload a file with PHP code using FCKeditor

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP application that is affected by
an arbitrary file upload vulnerability.

Description :

The version of FCKeditor installed on the remote host allows an
unauthenticated attacker to upload arbitrary files containing, say,
PHP code, and then to execute them subject to the rights of the
web server user id.

See also :

http://www.fckeditor.net/whatsnew/default.html

Solution :

Either edit 'editor/filemanager/upload/php/config.php' to disable file
uploads or upgrade to FCKeditor 2.3beta or later.

Threat Level:

Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:N/I:P/A:N/B:N)

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.