5.1
CVE-2006-3362
- EPSS 4.97%
- Published 06.07.2006 20:05:00
- Last modified 16.06.2026 22:26:55
- Source cve@mitre.org
Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
Data provided by the National Vulnerability Database (NVD)
Toenda Software Development ≫ Toendacms Version 0.6.1
Toenda Software Development ≫ Toendacms Version 0.6.2
Toenda Software Development ≫ Toendacms Version 0.7
Toenda Software Development ≫ Toendacms Version 1.0
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.97% | 0.911 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.1 | 4.9 | 6.4 | AV:N/AC:H/Au:N/C:P/I:P/A:P |
http://retrogod.altervista.org/toenda_100_shizouka_xpl.html
http://secunia.com/advisories/20886
http://secunia.com/advisories/21117
http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager
http://www.geeklog.net/article.php/geeklog-1.4.0sr4
http://www.securityfocus.com/archive/1/440423/100/0/threaded
http://www.securityfocus.com/bid/18767
http://www.securityfocus.com/bid/19072
http://www.securityfocus.com/bid/30950
http://www.vupen.com/english/advisories/2006/2611
http://www.vupen.com/english/advisories/2006/2868
https://exchange.xforce.ibmcloud.com/vulnerabilities/27469
https://exchange.xforce.ibmcloud.com/vulnerabilities/27494
https://exchange.xforce.ibmcloud.com/vulnerabilities/27799
https://www.exploit-db.com/exploits/1964
https://www.exploit-db.com/exploits/2035
https://www.exploit-db.com/exploits/6344