5.1

CVE-2006-3362

Exploit

EPSS 15.21%
Veröffentlicht 06.07.2006 20:05:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 20

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Geeklog ≫ Geeklog Version1.4.0

Geeklog ≫ Geeklog Version1.4.0_sr1

Geeklog ≫ Geeklog Version1.4.0_sr2

Geeklog ≫ Geeklog Version1.4.0_sr3

Toenda Software Development ≫ Toendacms Version0.6.1

Toenda Software Development ≫ Toendacms Version0.6.2

Toenda Software Development ≫ Toendacms Version0.7

Toenda Software Development ≫ Toendacms Version1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	15.21%	0.943

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

http://retrogod.altervista.org/toenda_100_shizouka_xpl.html

Exploit

http://secunia.com/advisories/20886

Patch

Vendor Advisory

http://secunia.com/advisories/21117

Vendor Advisory

http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager

http://www.geeklog.net/article.php/geeklog-1.4.0sr4

http://www.securityfocus.com/archive/1/440423/100/0/threaded

http://www.securityfocus.com/bid/18767

Exploit

http://www.securityfocus.com/bid/19072

Exploit

http://www.securityfocus.com/bid/30950

http://www.vupen.com/english/advisories/2006/2611

http://www.vupen.com/english/advisories/2006/2868

https://exchange.xforce.ibmcloud.com/vulnerabilities/27469

https://exchange.xforce.ibmcloud.com/vulnerabilities/27494

https://exchange.xforce.ibmcloud.com/vulnerabilities/27799

https://www.exploit-db.com/exploits/1964

https://www.exploit-db.com/exploits/2035

https://www.exploit-db.com/exploits/6344

https://nvd.nist.gov/vuln/detail/CVE-2006-3362

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-3362

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-3362

EUVD