Back to search
CVE-2006-3362
Published: Jul 6, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
19072
vdb-entry
x_refsource_BID
18767
vdb-entry
x_refsource_BID
30950
vdb-entry
x_refsource_BID
http://www.geeklog.net/article.php/geeklog-1.4.0sr4
x_refsource_CONFIRM
geeklog-multiple-scripts-file-include(27469)
vdb-entry
x_refsource_XF
toendacms-connector-file-upload(27799)
vdb-entry
x_refsource_XF
http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager
x_refsource_CONFIRM
ADV-2006-2868
vdb-entry
x_refsource_VUPEN
6344
exploit
x_refsource_EXPLOIT-DB
2035
exploit
x_refsource_EXPLOIT-DB
1964
exploit
x_refsource_EXPLOIT-DB
20886
third-party-advisory
x_refsource_SECUNIA
geeklog-connector-file-upload(27494)
vdb-entry
x_refsource_XF
20060717 ToendaCMS <= 1.0.0 arbitrary file upload
mailing-list
x_refsource_BUGTRAQ
21117
third-party-advisory
x_refsource_SECUNIA
http://retrogod.altervista.org/toenda_100_shizouka_xpl.html
x_refsource_MISC
ADV-2006-2611
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now