Description

Multiple vendor applications utilize FCKeditor. FCKeditor contains functionality to handle file uploads and file management. A remote attacker could use this functionality to upload malicious executable files on the system. To test file upload capabilities, Acunetix created a file named Acunetix_WVS_File_Upload_test.txt on the server.

Remediation

It is recommended to disable the file upload functionality in FCKeditor (if not required).

References

FCKeditor

FCKeditor CurrentFolder directory traversal

Related Vulnerabilities

WordPress Plugin WP Super Cache Multiple Vulnerabilities (1.4.4)

WordPress Plugin myEASYbackup 'dwn_file' Parameter Directory Traversal (1.0.8.1)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Multiple Vulnerabilities (2.5.0)

WordPress Plugin Dean's FCKEditor with pwwang's code Arbitrary File Upload (1.0.0)

WordPress Plugin File Manager Advanced Shortcode Directory Traversal (2.4)

Severity

Medium

Classification

CVE-2009-2265 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Arbitrary File Creation Unauthenticated File Upload