Security Advisory

CVE-2019-15862

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-09-26 20:50:21

Last updated 2024-08-05 01:03:30

Assigner mitre

State PUBLISHED

Description

An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the application was configured to accept files only with a defined set of extensions). This affects CKFinder for ASP, CKFinder for ASP.NET, CKFinder for ColdFusion, and CKFinder for PHP.

← Browse all CVEs View on cve.org ↗