CVE-2008-3568

Publication date 10 August 2008

Last updated 24 July 2024

Ubuntu priority

Absolute path traversal vulnerability in fckeditor/editor/filemanager/browser/default/connectors/php/connector.php in UNAK-CMS 1.5.5 allows remote attackers to include and execute arbitrary local files via a full pathname in the Dirroot parameter, a different vulnerability than CVE-2006-4890.1.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
fckeditor	8.04 LTS hardy	Not affected
	7.10 gutsy	Not in release
	7.04 feisty	Not in release
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

per Debian, unak specific change, see fckeditor/unak_changes.txt in source fckeditor: <not-affected> (Vulnerable code not present)

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2008-3568