FCKeditor 'CurrentFolder' Arbitrary File Upload

high Nessus Plugin ID 39806

Synopsis

The remote web server contains a PHP application that is affected by an arbitrary file upload vulnerability.

Description

FCKeditor is installed on the remote host. It is an open source HTML text editor that is typically bundled with web applications such Dokeos, GForge, Geeklog, and Xoops, although it can also be installed on its own.

The installed version of the software fails to sanitize input passed to the 'CurrentFolder' parameter of the 'upload.php' script located under 'editor/filemanager/connectors/php'. Provided PHP's 'magic_quotes_gpc' setting is disabled, an attacker may be able to leverage this issue to upload arbitrary files and execute commands on the remote system.

Solution

Upgrade to FCKeditor 2.6.4.1 or later.

See Also

http://ocert.org/advisories/ocert-2009-007.html

https://www.securityfocus.com/archive/1/archive/1/504721/100/0/threaded

Plugin Details

Severity: High

ID: 39806

File Name: fckeditor_currentfolder_file_upload.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 7/15/2009

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 7/6/2009

Vulnerability Publication Date: 7/3/2009

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (ColdFusion 8.0.1 Arbitrary File Upload and Execute)

Reference Information

CVE: CVE-2009-2265

BID: 31812

CWE: 22

SECUNIA: 35747