VYPR
Unrated severityNVD Advisory· Published Jun 11, 2007· Updated Jun 16, 2026

CVE-2007-3163

CVE-2007-3163

Description

Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658.

Affected products

3
  • cpe:2.3:a:frederico_caldeira_knabben:fckeditor:2.4.2:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:frederico_caldeira_knabben:fckeditor:2.4.2:*:*:*:*:*:*:*
    • (no CPE)range: =2.4.2
  • osv-coords
    Range: < 1.5.8-4.1

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.