PT-2019-14456 · Cksource · Ckfinder
Joshua Provoste
·
Published
2019-09-26
·
Updated
2019-10-01
·
CVE-2019-15891
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
CKFinder versions 2.6.2.1 and earlier
CKFinder versions 3.x through 3.5.0
Description
The issue arises from misleading information in the documentation of CKFinder, which may lead to the incorrect assumption that the application has built-in content sniffing protection.
Recommendations
For CKFinder versions 2.6.2.1 and earlier, update to a version later than 2.6.2.1.
For CKFinder versions 3.x through 3.5.0, update to a version later than 3.5.0.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ckfinder