{"id":"CVE-2007-3163","details":"Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658.","modified":"2024-06-04T04:00:19Z","published":"2007-06-11T22:30:00Z","withdrawn":"2024-06-30T15:57:32.557332Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/25719"},{"type":"ADVISORY","url":"http://secunia.com/advisories/25923"},{"type":"ARTICLE","url":"http://ha.ckers.org/blog/20070606/additional-image-bypass-on-windows/"},{"type":"WEB","url":"http://osvdb.org/37554"},{"type":"WEB","url":"http://sourceforge.net/project/shownotes.php?release_id=520159"},{"type":"WEB","url":"http://www.bitchiller.de/?p=20"},{"type":"WEB","url":"http://www.securityfocus.com/bid/24510"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34982"}],"affected":[{"package":{"name":"moin","ecosystem":"Debian:10","purl":"pkg:deb/debian/moin?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.8-4.1"}]}],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2007-3163.json"}}],"schema_version":"1.7.3"}