本ページは cksource ckfinder に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2016-20023 | In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided. | [email protected] | 5.0 | 0.04% | 2025-12-05 | 2025-12-17 |
| CVE-2025-63830 | CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content. | [email protected] | 6.1 | 0.03% | 2025-11-14 | 2025-11-19 |
| CVE-2019-15891 | An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletproof content sniffing protection. | [email protected] | 5.3 | 0.36% | 2019-09-26 | 2024-11-21 |
| CVE-2019-15862 | An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the application was configured to accept files only with a defined set of extensions). This affects CKFinder for ASP, CKFinder for ASP.NET, CKFinder for ColdFusion, and CKFinder for PHP. | [email protected] | 7.5 | 0.37% | 2019-09-26 | 2024-11-21 |