Is CVE-2006-0658 actively exploited?

CVE-2006-0658 has no public evidence of in-the-wild exploitation as of 2026-04-16.

What is the CVSS score for CVE-2006-0658?

CVE-2006-0658 has a CVSS score of 5 (UNKNOWN severity). Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N.

How do I patch CVE-2006-0658?

Patch guidance is available from fckeditor security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2006-0658.

CVE-2006-0658 - remediation guidance & executive summary

Q: Which products are affected by CVE-2006-0658?

2 products: fckeditor fckeditor, fckeditor fckeditor.

Description

Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.

CVSS Metrics

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Access Vector: network
Access Cmplx: low
Auth: none
Confidentiality: none
Integrity: partial
Availability: none
Weaknesses: NVD-CWE-Other

Metadata

Primary Vendor: FCKEDITOR
Published: 2/13/2006
Last Modified: 4/16/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

fckeditor : fckeditorfckeditor : fckeditor

Remediation Guidance

Executive Summary

Cite this page

CVE-2006-0658. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2006-0658

View on NIST NVD

CVE-2006-0658 vulnerability