|Description||Multiple directory traversal vulnerabilities in FCKeditor before 22.214.171.124 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)|
|NVD severity||high (attack range: remote)|
|Debian Bugs||536051, 538722|
Vulnerable and fixed packages
The table below lists information on source packages.
|moin (PTS)||jessie (security), jessie||1.9.8-1+deb8u1||fixed|
|buster, sid, stretch||1.9.9-1||fixed|
The information below is based on the following data on fixed versions.
moin from 1.8.2-2 uses systemwide copy of fckeditor
[etch] - moin <not-affected> (Vulnerable code not present)
moin in lenny provides FCKeditor as example files (/usr/share/doc)
- request-tracker3.8 <not-affected> (Vulnerable code not present)
[etch] - gforge <not-affected> (doesn't contain FCKeditor)
[etch] - karrigell <not-affected> (Vulnerable code not present)
knowledgeroot from 0.9.8.5-3 uses systemwide copy of fckeditor