Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
FCKeditor 未知扩展名的文件上传漏洞
Vulnerability Description
FCKeditor是个人开发者的一款开源的专用于在网页上编辑HTML的编辑器。 FCKeditor的editor/filemanager/upload/php/upload.php存在不完全黑名单漏洞,用于SiteX CMS 0.7.3.beta以及可能的其他版本,远程攻击者 可以借助一个名称包含".php."的文件或被Apache HTTP服务器识别为一个.php文件的未知扩展名的文件上传并执行任意PHP指令。
CVSS Information
N/A
Vulnerability Type
N/A