CNNVD-202512-724 Information

CNNVD ID

CNNVD-202512-724

Related CVE

CVE-2016-20023

• CNNVD Published: 2025-12-05

Description (Chinese)

CKSource CKFinder是美国CKSource公司的一个文件管理和上传工具。 CKSource CKFinder 2.5.0.1之前版本存在安全漏洞，该漏洞源于认证用户可通过正确路径下载服务器上的任意文件。

Description (English)

CKSource CKFinder is a document management and uploading tool for CKSource. There was a security loophole in the previous version of CKSource CKFinder 2.5.0.1, which originated from the fact that the authentication user could download any file on the server by the correct path.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

CKSource

Published

2025-12-05

Last Modified

2026-02-24

References

https://ckeditor.com/ckfinder/release-notes/ https://download.cksource.com/CKFinder/CKFinder%20for%20ASP.NET/2.5.0.1/ https://access.redhat.com/security/cve/cve-2016-20023