PT-2006-1714 · Ckeditor · Ckeditor

Blackhawk · Published 2006-02-13 · Updated 2017-10-11 · CVE-2006-0658

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions
FCKeditor versions 2.0 through 2.2

Description
Remote attackers can upload and execute arbitrary script files by giving the files extensions that are not listed in Config[DeniedExtensions][File], such as .php.txt. The cause is an incomplete blacklist in the connector.php file.

Recommendations
For FCKeditor versions 2.0 through 2.2, consider updating Config[DeniedExtensions][File] to include additional file extensions that could be used to execute arbitrary scripts, or restrict file uploads to prevent exploitation until a proper fix is available.
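
The difference between the denylist check described above and an allowlist check, shown as an added PHP example that is not part of the original advisory and is not FCKeditor's own code. The function names, extension lists and filenames are constructed for illustration, and the denylist function assumes only the final extension is compared against the list.

```php
<?php
// Added example: hypothetical helpers, not FCKeditor's connector code.

// Denylist style, as the advisory describes: reject only listed extensions.
// Assumption: only the final extension is compared against the list.
function denylist_accepts(string $filename, array $denied): bool
{
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return !in_array($ext, $denied, true);
}

// Allowlist style: exactly one extension, and it must be explicitly permitted.
function allowlist_accepts(string $filename, array $allowed): bool
{
    // Drop any client-supplied directory part (both separator styles).
    $name = basename(str_replace('\\', '/', $filename));
    $parts = explode('.', $name);
    if (count($parts) !== 2) {
        return false; // no extension, or more than one (e.g. "x.php.txt")
    }
    [$base, $ext] = $parts;
    // Conservative base name: rejects empty names such as ".htaccess".
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $base)) {
        return false;
    }
    return in_array(strtolower($ext), $allowed, true);
}

// Constructed sample lists and filenames.
$denied  = ['php', 'php3', 'php5', 'phtml', 'asp', 'aspx', 'cgi', 'pl'];
$allowed = ['txt', 'pdf', 'doc', 'zip'];
$samples = ['notes.txt', 'page.php', 'page.php.txt', 'REPORT.PDF', '.htaccess'];

foreach ($samples as $s) {
    printf(
        "%-14s denylist: %-7s allowlist: %s\n",
        $s,
        denylist_accepts($s, $denied) ? 'accept' : 'reject',
        allowlist_accepts($s, $allowed) ? 'accept' : 'reject'
    );
}
```

Storing uploads under a server-generated name, in a directory the web server does not execute scripts from, complements the filename check.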


Related identifiers
CVE-2006-0658

Affected products
Ckeditor