An issue exists in CKFinder up to and including 2.6.2.1. Improper checks of file names allow remote malicious users to upload files without any extension, even if the application was configured to accept only files with a defined set of extensions. This affects CKFinder for ASP, CKFinder for ASP.NET, CKFinder for ColdFusion, and CKFinder for PHP.
Vulnerable Product |
---|
cksource ckfinder |
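The following added example is not CKFinder code; it sketches one way an extension allowlist can miss extensionless names, next to a strict check that rejects them. The function names, the allowlist and the sample file names are constructed for illustration, and Python is used only to show the logic, since the affected product ships for four server platforms.

```python
import os

# Constructed allowlist; a real deployment reads this from its upload configuration.
ALLOWED_EXTENSIONS = {"jpg", "png", "pdf"}


def extension_of(filename: str) -> str:
    """Return the lower-cased final extension, or "" when the name has none."""
    # Keep only the last path component, whichever separator the client sent.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    _, ext = os.path.splitext(base)
    # "notes." yields "." and ".config" yields "", so both count as extensionless.
    return ext.lstrip(".").lower()


def naive_is_allowed(filename: str) -> bool:
    """Flawed pattern (hypothetical): the allowlist is consulted only if an extension exists."""
    ext = extension_of(filename)
    if ext == "":
        return True  # nothing to compare, so the name passes unchecked
    return ext in ALLOWED_EXTENSIONS


def strict_is_allowed(filename: str) -> bool:
    """Hardened pattern: the name must carry an extension that is on the allowlist."""
    ext = extension_of(filename)
    return ext != "" and ext in ALLOWED_EXTENSIONS


def compare(names):
    """Return (name, naive_result, strict_result) for each candidate upload name."""
    return [(n, naive_is_allowed(n), strict_is_allowed(n)) for n in names]


# Constructed sample upload names.
SAMPLE_NAMES = ["report.pdf", "photo.JPG", "archive.tar.gz", "README", "notes.", ".config"]

if __name__ == "__main__":
    for name, naive, strict in compare(SAMPLE_NAMES):
        print(f"{name!r:18} naive={naive!s:5} strict={strict}")
```

An upload handler should make its allow/deny decision on the same normalised name it later writes to disk, so that the checked name and the stored name cannot differ.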