RunCMS 'connector.php' Multiple Directory Traversal Vulnerabilities

Vulnerability Details

Vulnerability Summary

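connector.php in FCKeditor 2.0 FC contains multiple directory traversal vulnerabilities. When used in products such as RunCMS, they allow remote attackers to list and create arbitrary directories via a CurrentFolder parameter containing .. that is passed to (1) GetFoldersAndFiles and (2) CreateFolder.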
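
A defensive check for the CurrentFolder handling described above, as an added example that is not FCKeditor or RunCMS code: it rejects `..` segments lexically and, because a CreateFolder target does not exist yet, verifies the deepest existing ancestor with realpath(). The function name `resolveCurrentFolder` and the scratch directory are assumptions.

```php
<?php
declare(strict_types=1);

// Added example; resolveCurrentFolder() and the scratch directory are
// hypothetical names, not FCKeditor or RunCMS code.
// Returns the path for a CurrentFolder value, or null if it would leave $baseDir.
function resolveCurrentFolder(string $baseDir, string $currentFolder): ?string
{
    // NUL bytes and backslashes never belong in a folder value.
    if (strpos($currentFolder, "\0") !== false || strpos($currentFolder, '\\') !== false) {
        return null;
    }
    $segments = [];
    foreach (explode('/', $currentFolder) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;        // collapse "//" and "./"
        }
        if ($segment === '..') {
            return null;     // refuse parent references rather than resolving them
        }
        $segments[] = $segment;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;         // the base directory itself must exist
    }
    $candidate = $base . ($segments ? '/' . implode('/', $segments) : '');

    // A CreateFolder target does not exist yet, so realpath() on it fails.
    // Walk up to the deepest existing ancestor and check that one instead;
    // this also catches a symlink inside the base that points elsewhere.
    $probe = $candidate;
    while (!file_exists($probe)) {
        $probe = dirname($probe);
    }
    $real = realpath($probe);
    $inside = $real === $base || strpos((string) $real, $base . DIRECTORY_SEPARATOR) === 0;
    return $inside ? $candidate : null;
}

// Constructed sample values, run against a scratch directory.
$base = sys_get_temp_dir() . '/userfiles_demo';
@mkdir($base . '/images', 0700, true);
foreach (['/images/', '/images/new/', '/../', '/images/../../'] as $value) {
    $verdict = resolveCurrentFolder($base, $value) === null ? 'rejected' : 'allowed';
    echo str_pad($value, 20), $verdict, PHP_EOL;
}
```

Apply the check to the value PHP has already URL-decoded, and use the returned path for both the listing and the directory creation so that neither command touches the raw parameter.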

Vendor Advisory

The vendors have released upgrade patches that fix this security issue. Patch download links:

FCKeditor FCKeditor 2.2

FCKeditor FCKeditor_2.3b.tar.gz

http://prdownloads.sourceforge.net/fckeditor/FCKeditor_2.3b.tar.gz

RunCMS RunCMS 1.3.a2

RunCMS FIX1002206-2

http://www.runcms.org/public/modules/downloads/singlefile.php?lid=242

RunCMS RunCMS 1.1 A

RunCMS FIX1002206-2

http://www.runcms.org/public/modules/downloads/singlefile.php?lid=242

RunCMS RunCMS 1.1

RunCMS FIX1002206-2

http://www.runcms.org/public/modules/downloads/singlefile.php?lid=242

RunCMS RunCMS 1.2

RunCMS FIX1002206-2

http://www.runcms.org/public/modules/downloads/singlefile.php?lid=242

FCKeditor FCKeditor 2.0 RC2

FCKeditor FCKeditor_2.3b.tar.gz

http://prdownloads.sourceforge.net/fckeditor/FCKeditor_2.3b.tar.gz

FCKeditor FCKeditor 2.0 rc3

FCKeditor FCKeditor_2.3b.tar.gz

http://prdownloads.sourceforge.net/fckeditor/FCKeditor_2.3b.tar.gz

References

Source: BUGTRAQ

Name: 20060223 NSA Group Security Advisory NSAG-№195-23.02.2006 Vulnerability FCKeditor 2.0 FC

Link: http://www.securityfocus.com/archive/1/archive/1/425937/100/0/threaded

Source: MISC

Link: http://www.nsag.ru/vuln/952.html

Source: XF

Name: fckeditor-connector-obtain-information(24878)

Link: http://xforce.iss.net/xforce/xfdb/24878

Source: BUGTRAQ

Name: 20060519 Re: NSA Group Security Advisory NSAG-№195-23.02.2006 Vulnerability FCKeditor 2.0 FC

Link: http://www.securityfocus.com/archive/1/archive/1/434559/30/4890/threaded

Source: SREASON

Name: 484

Link: http://securityreason.com/securityalert/484
