AI Score: 7.8 High (Confidence: Low)
CVSS2: 5.1 Medium (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.081 Low (Percentile: 94.3%)
Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
retrogod.altervista.org/toenda_100_shizouka_xpl.html
secunia.com/advisories/20886
secunia.com/advisories/21117
www.geeklog.net/article.php/exploit-for-fckeditor-filemanager
www.geeklog.net/article.php/geeklog-1.4.0sr4
www.securityfocus.com/archive/1/440423/100/0/threaded
www.securityfocus.com/bid/18767
www.securityfocus.com/bid/19072
www.securityfocus.com/bid/30950
www.vupen.com/english/advisories/2006/2611
www.vupen.com/english/advisories/2006/2868
exchange.xforce.ibmcloud.com/vulnerabilities/27469
exchange.xforce.ibmcloud.com/vulnerabilities/27494
exchange.xforce.ibmcloud.com/vulnerabilities/27799
www.exploit-db.com/exploits/1964
www.exploit-db.com/exploits/2035
www.exploit-db.com/exploits/6344