Unrated severityNVD Advisory· Published Sep 26, 2019· Updated Aug 5, 2024
CVE-2019-15862
CVE-2019-15862
Description
An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the application was configured to accept files only with a defined set of extensions). This affects CKFinder for ASP, CKFinder for ASP.NET, CKFinder for ColdFusion, and CKFinder for PHP.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- CKFinder/CKFinder for ASPdescription
Patches
Vulnerability mechanics
References
1- ckeditor.com/blog/CKFinder-3.5.1-and-CKFinder-2.6.3-released/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.