CVE-2007-2630 - Vulnerability Details - OpenCVE

Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All (aka 12All) 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and .php5 files via unspecified vectors. NOTE: this issue is reachable through filemanager/browser/default/browser.html.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Activecampaign	1-2-all Broadcast Email

Configuration 1 [-]

OR	cpe:2.3:a:activecampaign:1-2-all_broadcast_email:4.5:::::::*
	cpe:2.3:a:activecampaign:1-2-all_broadcast_email:4.53.13:::::::*

No data.

References

Link	Providers
http://osvdb.org/36161
http://www.activecampaign.com/support/forum/showthread.php?t=3293
http://www.securityfocus.com/archive/1/467483/100/0/threaded
http://www.securityfocus.com/archive/1/467879/100/0/threaded
http://www.securityfocus.com/bid/23792
https://exchange.xforce.ibmcloud.com/vulnerabilities/34049

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-05-11T17:00:00

Updated: 2024-08-07T13:42:33.463Z

Reserved: 2007-05-11T00:00:00

Link: CVE-2007-2630

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-05-11T17:19:00.000

Modified: 2024-11-21T00:31:16.147

Link: CVE-2007-2630

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-05-02T00:00:00", "descriptions": [{"lang": "en", "value": "Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All (aka 12All) 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and .php5 files via unspecified vectors. NOTE: this issue is reachable through filemanager/browser/default/browser.html."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.activecampaign.com/support/forum/showthread.php?t=3293"}, {"name": "12all-fckeditor-file-upload(34049)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34049"}, {"name": "20070507 Re: 12All File Upload Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/467879/100/0/threaded"}, {"name": "20070502 12All File Upload Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/467483/100/0/threaded"}, {"name": "36161", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36161"}, {"name": "23792", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23792"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2630", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All (aka 12All) 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and .php5 files via unspecified vectors. NOTE: this issue is reachable through filemanager/browser/default/browser.html."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.activecampaign.com/support/forum/showthread.php?t=3293", "refsource": "MISC", "url": "http://www.activecampaign.com/support/forum/showthread.php?t=3293"}, {"name": "12all-fckeditor-file-upload(34049)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34049"}, {"name": "20070507 Re: 12All File Upload Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/467879/100/0/threaded"}, {"name": "20070502 12All File Upload Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/467483/100/0/threaded"}, {"name": "36161", "refsource": "OSVDB", "url": "http://osvdb.org/36161"}, {"name": "23792", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23792"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:42:33.463Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.activecampaign.com/support/forum/showthread.php?t=3293"}, {"name": "12all-fckeditor-file-upload(34049)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34049"}, {"name": "20070507 Re: 12All File Upload Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/467879/100/0/threaded"}, {"name": "20070502 12All File Upload Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/467483/100/0/threaded"}, {"name": "36161", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36161"}, {"name": "23792", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23792"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2630", "datePublished": "2007-05-11T17:00:00", "dateReserved": "2007-05-11T00:00:00", "dateUpdated": "2024-08-07T13:42:33.463Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:activecampaign:1-2-all_broadcast_email:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C204B563-7761-48B2-8E6D-39466B020C6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:activecampaign:1-2-all_broadcast_email:4.53.13:*:*:*:*:*:*:*", "matchCriteriaId": "877B4F62-46E5-4AF9-8D3A-EE6242CC0C24", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All (aka 12All) 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and .php5 files via unspecified vectors. NOTE: this issue is reachable through filemanager/browser/default/browser.html."}, {"lang": "es", "value": "Vulnerabilidad de lista negra incompleta en filemanager/browser/default/connectors/php/config.php en el m\u00f3dulo FCKeditor, tal y como se usa en ActiveCampaign 1-2-All (tambi\u00e9n conocido como 12All) 4.50 hasta 4.53.13, y posiblemente otros productos, permite a administradores remotos autenticados promocionar y posiblemente ejecutar ficheros .php4 y .php5 mediante vectores no especificados.\r\nNOTA: Esta vulnerabilidad es alcanzable a trav\u00e9s de filemanager/browser/default/browser.html."}], "id": "CVE-2007-2630", "lastModified": "2024-11-21T00:31:16.147", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-05-11T17:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/36161"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.activecampaign.com/support/forum/showthread.php?t=3293"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/467483/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/467879/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23792"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34049"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/36161"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.activecampaign.com/support/forum/showthread.php?t=3293"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/467483/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/467879/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23792"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34049"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}