{"id":"CVE-2007-2630","details":"Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All (aka 12All) 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and .php5 files via unspecified vectors.  NOTE: this issue is reachable through filemanager/browser/default/browser.html.","modified":"2024-06-04T04:00:19Z","published":"2007-05-11T17:19:00Z","withdrawn":"2024-06-30T15:57:30.046453Z","references":[{"type":"FIX","url":"http://www.activecampaign.com/support/forum/showthread.php?t=3293"},{"type":"WEB","url":"http://osvdb.org/36161"},{"type":"WEB","url":"http://www.securityfocus.com/archive/1/467483/100/0/threaded"},{"type":"WEB","url":"http://www.securityfocus.com/archive/1/467879/100/0/threaded"},{"type":"WEB","url":"http://www.securityfocus.com/bid/23792"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34049"}],"affected":[{"package":{"name":"moin","ecosystem":"Debian:10","purl":"pkg:deb/debian/moin?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.8-4.1"}]}],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2007-2630.json"}}],"schema_version":"1.7.3"}