MitreCVELIST:CVE-2006-3362CVE-2006-3362
Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
References
retrogod.altervista.org/toenda_100_shizouka_xpl.html
secunia.com/advisories/20886
secunia.com/advisories/21117
www.geeklog.net/article.php/exploit-for-fckeditor-filemanager
www.geeklog.net/article.php/geeklog-1.4.0sr4
www.securityfocus.com/archive/1/440423/100/0/threaded
www.securityfocus.com/bid/18767
www.securityfocus.com/bid/19072
www.securityfocus.com/bid/30950
www.vupen.com/english/advisories/2006/2611
www.vupen.com/english/advisories/2006/2868
exchange.xforce.ibmcloud.com/vulnerabilities/27469
exchange.xforce.ibmcloud.com/vulnerabilities/27494
exchange.xforce.ibmcloud.com/vulnerabilities/27799
www.exploit-db.com/exploits/1964
www.exploit-db.com/exploits/2035
www.exploit-db.com/exploits/6344
