PT-2019-14441 · Cksource · Ckfinder+4
Joshua Provoste
·
Publicado
2019-09-26
·
Atualizado
2019-10-02
·
CVE-2019-15862
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
CKFinder versions prior to 2.6.2.1
CKFinder for ASP versions prior to 2.6.2.1
CKFinder for ASP.NET versions prior to 2.6.2.1
CKFinder for ColdFusion versions prior to 2.6.2.1
CKFinder for PHP versions prior to 2.6.2.1
Description
An issue was discovered that allows remote attackers to upload files without any extension, even if the application was configured to accept files only with a defined set of extensions, due to improper checks of file names.
Recommendations
For CKFinder versions prior to 2.6.2.1, update to version 2.6.2.1 or later to resolve the issue.
For CKFinder for ASP versions prior to 2.6.2.1, update to version 2.6.2.1 or later to resolve the issue.
For CKFinder for ASP.NET versions prior to 2.6.2.1, update to version 2.6.2.1 or later to resolve the issue.
For CKFinder for ColdFusion versions prior to 2.6.2.1, update to version 2.6.2.1 or later to resolve the issue.
For CKFinder for PHP versions prior to 2.6.2.1, update to version 2.6.2.1 or later to resolve the issue.
Correção
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ckfinder
Ckfinder For Asp
Ckfinder For Asp.Net
Ckfinder For Coldfusion
Ckfinder For Php