CVE-2006-3362

NONECVSS 0.0

0.0

Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.

🔗 References (34)

cve@mitrehttp://retrogod.altervista.org/toenda_100_shizouka_xpl.html
cve@mitrehttp://secunia.com/advisories/20886
cve@mitrehttp://secunia.com/advisories/21117
cve@mitrehttp://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager
cve@mitrehttp://www.geeklog.net/article.php/geeklog-1.4.0sr4
cve@mitrehttp://www.securityfocus.com/archive/1/440423/100/0/threaded
cve@mitrehttp://www.securityfocus.com/bid/18767
cve@mitrehttp://www.securityfocus.com/bid/19072
cve@mitrehttp://www.securityfocus.com/bid/30950
cve@mitrehttp://www.vupen.com/english/advisories/2006/2611
cve@mitrehttp://www.vupen.com/english/advisories/2006/2868
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/27469
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/27494
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/27799
cve@mitrehttps://www.exploit-db.com/exploits/1964

Is Your Infrastructure Affected by CVE-2006-3362?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2006-3362

📅 Published

🔄 Last Modified

🔗 References (34)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2006-3362?