CVE-2006-3362

Published: Jul 06, 2006 | Modified: Oct 18, 2018
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 5.1 MEDIUM (AV:N/AC:H/Au:N/C:P/I:P/A:P)

Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.

Affected Software

Name       Vendor                       Start Version  End Version
Geeklog    Geeklog                      1.4.0_sr1      1.4.0_sr1
Geeklog    Geeklog                      1.4.0_sr2      1.4.0_sr2
Toendacms  Toenda_software_development  0.6.2          0.6.2
Geeklog    Geeklog                      1.4.0_sr3      1.4.0_sr3
Geeklog    Geeklog                      1.4.0          1.4.0
Toendacms  Toenda_software_development  0.7            0.7
Toendacms  Toenda_software_development  0.6.1          0.6.1
Toendacms  Toenda_software_development  1.0            1.0
