• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: FCKeditor Arbitrary File Upload Vulnerability

Severity: HIGH

Description:

FCKeditor is an online text/DHTML editor; it is implemented in PHP.

FCKeditor is prone to an arbitrary-file-upload vulnerability because it fails to adequately sanitize user-supplied input.

This issue affects the 'ServerPath' parameter of the 'editor/filemanager/upload/php/upload.php' script when it handles specially crafted filenames. A filename such as 'example.php.fakeextension' will not be restricted from upload but will be processed as a '.php' file when requested from the webserver.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

This issue affects FCKeditor 2.4.3 when file uploads are enabled in 'config.php'; other versions may also be vulnerable.

Affected Products:

• Ananta Ananta CMS 1.0b6
• CMS from Scratch CMS from Scratch 1.9.1
• CardinalCMS Cardinal CMS 1.2
• Demo4 Demo4 beta01
• FCKeditor FCKeditor 2.4.3
• FreeCMS.us FreeCMS 0.2
• Galmeta Post Galmeta Post 0.2
• Kim Websites Kim Websites 1.0
• Knowledgeroot Knowledgebase 0.9.8.2
• Lasernet Lasernet CMS 1.5
• Mac's PHP MVC Framework Mac's PHP MVC Framework 0.6.6
• One-Network.Org Lansuite 3.3.2
• OpenSim Web Interface OpenSim Web Interface
• RedLine Software LANAI CMS 1.2.16
• SiteX SiteX 0.7.3 beta
• WebPortal WebPortal CMS 0.6.0
• WebPortal WebPortal CMS 0.7.4
• Zanfi Solutions Zanfi CMS Lite 1.1.0

References:

• Ananta: Ananta CMS Homepage
• Cardinal CMS: Cardinal CMS Homepage
• Demo4 CMS: Demo4 CMS SourceForge Page
• FCKeditor: FCKeditor Home Page
• Galmeta Post: Galmeta Post Sourceforge Page
• Kim Websites: Kim Websites Project Homepage
• Knowledgeroot Knowledgebase: Knowledgeroot Knowledgebase Release Name: 0.9.8.5
• Lasernet: Lasernet CMS Home Page
• Mac's PHP MVC Framework: Mac's PHP MVC Framework Sourceforge Page
• One-Network.Org: Lansuite
• OpenSim Web Interface: OpenSim Web Interface Sourceforge Page
• WebPortal: WebPortal CMS Homepage
• Zanfi Solutions: Zanfi Home Page

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.