CVE-2007-2630
CVE-2007-2630 is a vulnerability of currently unknown severity. Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All (aka 12All) 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and .php5 files via unspecified vectors. NOTE: this issue is reachable through filemanager/browser/default/browser.html. EPSS estimates a 1.31% chance of exploitation in the next 30 days.
Description
Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All (aka 12All) 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and .php5 files via unspecified vectors. NOTE: this issue is reachable through filemanager/browser/default/browser.html.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Activecampaign | 1-2-All Broadcast Email | 4.5 |
| Activecampaign | 1-2-All Broadcast Email | 4.53.13 |
Source: NVD / NIST
