CVE-2006-3362
Summary
| CVE | CVE-2006-3362 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2006-07-06 20:05:00 UTC |
| Updated | 2018-10-18 16:47:00 UTC |
| Description | Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Geeklog | Geeklog | 1.4.0 | All | All | All |
| Application | Geeklog | Geeklog | 1.4.0_sr1 | All | All | All |
| Application | Geeklog | Geeklog | 1.4.0_sr2 | All | All | All |
| Application | Geeklog | Geeklog | 1.4.0_sr3 | All | All | All |
| Application | Geeklog | Geeklog | 1.4.0 | All | All | All |
| Application | Geeklog | Geeklog | 1.4.0_sr1 | All | All | All |
| Application | Geeklog | Geeklog | 1.4.0_sr2 | All | All | All |
| Application | Geeklog | Geeklog | 1.4.0_sr3 | All | All | All |
| Application | Toenda Software Development | Toendacms | 0.6.1 | All | All | All |
| Application | Toenda Software Development | Toendacms | 0.6.2 | All | All | All |
| Application | Toenda Software Development | Toendacms | 0.7 | All | All | All |
| Application | Toenda Software Development | Toendacms | 1.0 | All | All | All |
| Application | Toenda Software Development | Toendacms | 0.6.1 | All | All | All |
| Application | Toenda Software Development | Toendacms | 0.6.2 | All | All | All |
| Application | Toenda Software Development | Toendacms | 0.7 | All | All | All |
| Application | Toenda Software Development | Toendacms | 1.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| GeekLog <= 1.4.0sr3 f(u)ckeditor Remote Code Execution Exploit | EXPLOIT-DB | www.exploit-db.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Secunia - Advisories - toendaCMS connector.php File Upload Vulnerability | SECUNIA | secunia.com | Vendor Advisory |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| WeBid 0.5.4 (fckeditor) Remote Arbitrary File Upload Exploit | EXPLOIT-DB | www.exploit-db.com | |
| Geeklog Connector.PHP Arbitrary File Upload Vulnerability | BID | www.securityfocus.com | Exploit |
| Geeklog - Exploit for FCKeditor's mcpuk file manager | CONFIRM | www.geeklog.net | |
| WeBid 'config.php' Arbitrary File Upload Vulnerability | BID | www.securityfocus.com | |
| Error 404 :( | MISC | retrogod.altervista.org | Exploit |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| Geeklog "connector.php" File Upload Vulnerability - Advisories - Secunia | SECUNIA | secunia.com | Patch, Vendor Advisory |
| ToendaCMS Connector.PHP Arbitrary File Upload Vulnerability | BID | www.securityfocus.com | Exploit |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Geeklog - Geeklog 1.4.0sr4 | CONFIRM | www.geeklog.net | |
| ToendaCMS 1.0.0 - 'FCKeditor' Arbitrary File Upload - PHP webapps Exploit | EXPLOIT-DB | www.exploit-db.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.