CVE-2005-0613

FCKeditor 2.0 RC2 - Unauthenticated Arbitrary File Upload


Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-0613.

AI-analyzed exploit summary: This exploit demonstrates an arbitrary file upload vulnerability in Nuke ET <= 3.4 due to improper MIME type validation in the FCKeditor component. It uploads a malicious PHP file disguised as a ZIP file and provides a remote shell.

Description

Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files.

Exploits (2)

exploitdb WORKING POC
php · webapps · php
https://www.exploit-db.com/exploits/6783

This exploit demonstrates an arbitrary file upload vulnerability in Nuke ET <= 3.4 due to improper MIME type validation in the FCKeditor component. It uploads a malicious PHP file disguised as a ZIP file and provides a remote shell.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Nuke ET <= 3.4
No auth needed
Prerequisites: FCKeditor component accessible · PHP environment with file uploads enabled
devstral-2 · analyzed Feb 19, 2026

exploitdb WORKING POC
php · webapps · php
https://www.exploit-db.com/exploits/3702

This exploit leverages an authentication bypass vulnerability in InoutMailingListManager <= 3.1 to upload a malicious PHP file, execute arbitrary commands, and retrieve database credentials. It demonstrates a multi-step attack chain involving directory traversal, file upload, and command execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: InoutMailingListManager <= 3.1
No auth needed
Prerequisites: Target must have InoutMailingListManager <= 3.1 installed · PHP must be enabled on the server · File upload functionality must be accessible
devstral-2 · analyzed Feb 19, 2026

References (1)

Core References
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/12676

Scores

EPSS 0.0279
EPSS Percentile 86.5%

Details

Status published
Products (1)
fckeditor/fckeditor 2.0_rc2
Published Feb 28, 2005
Tracked Since Feb 18, 2026