CVE-2006-3362
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
94.8%
Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
Affected configurations
References
retrogod.altervista.org/toenda_100_shizouka_xpl.html
secunia.com/advisories/20886
secunia.com/advisories/21117
www.geeklog.net/article.php/exploit-for-fckeditor-filemanager
www.geeklog.net/article.php/geeklog-1.4.0sr4
www.securityfocus.com/archive/1/440423/100/0/threaded
www.securityfocus.com/bid/18767
www.securityfocus.com/bid/19072
www.securityfocus.com/bid/30950
www.vupen.com/english/advisories/2006/2611
www.vupen.com/english/advisories/2006/2868
exchange.xforce.ibmcloud.com/vulnerabilities/27469
exchange.xforce.ibmcloud.com/vulnerabilities/27494
exchange.xforce.ibmcloud.com/vulnerabilities/27799
www.exploit-db.com/exploits/1964
www.exploit-db.com/exploits/2035
www.exploit-db.com/exploits/6344
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
94.8%