Cksource: >> Ckfinder Security Vulnerabilities
In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided.
CVSS Score
5.0
EPSS Score
0.0
Published
2025-12-05
CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-11-14
An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the application was configured to accept files only with a defined set of extensions). This affects CKFinder for ASP, CKFinder for ASP.NET, CKFinder for ColdFusion, and CKFinder for PHP.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-09-26
An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletproof content sniffing protection.
CVSS Score
5.3
EPSS Score
0.004
Published
2019-09-26