CVE-2006-3362 - Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manag

CVE-2006-3362

Summary

Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip. Upgrade to Geeklog version 1.4.0sr4 : http://www.geeklog.net/filemgmt/index.php?id=727

References

Vulnerable Configurations

cpe:2.3:a:geeklog:geeklog:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:geeklog:geeklog:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:geeklog:geeklog:1.4.0_sr1:*:*:*:*:*:*:*
cpe:2.3:a:geeklog:geeklog:1.4.0_sr1:*:*:*:*:*:*:*
cpe:2.3:a:geeklog:geeklog:1.4.0_sr2:*:*:*:*:*:*:*
cpe:2.3:a:geeklog:geeklog:1.4.0_sr2:*:*:*:*:*:*:*
cpe:2.3:a:geeklog:geeklog:1.4.0_sr3:*:*:*:*:*:*:*
cpe:2.3:a:geeklog:geeklog:1.4.0_sr3:*:*:*:*:*:*:*
cpe:2.3:a:toenda_software_development:toendacms:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:toenda_software_development:toendacms:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:toenda_software_development:toendacms:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:toenda_software_development:toendacms:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:toenda_software_development:toendacms:0.7:*:*:*:*:*:*:*
cpe:2.3:a:toenda_software_development:toendacms:0.7:*:*:*:*:*:*:*
cpe:2.3:a:toenda_software_development:toendacms:1.0:*:*:*:*:*:*:*
cpe:2.3:a:toenda_software_development:toendacms:1.0:*:*:*:*:*:*:*

CVSS

Base:	5.1 (as of 18-10-2018 - 16:47)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:H/Au:N/C:P/I:P/A:P

refmap via4

bid	18767 19072 30950
bugtraq	20060717 ToendaCMS <= 1.0.0 arbitrary file upload
confirm	http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager http://www.geeklog.net/article.php/geeklog-1.4.0sr4
exploit-db	1964 2035 6344
misc	http://retrogod.altervista.org/toenda_100_shizouka_xpl.html
secunia	20886 21117
vupen	ADV-2006-2611 ADV-2006-2868
xf	geeklog-connector-file-upload(27494) geeklog-multiple-scripts-file-include(27469) toendacms-connector-file-upload(27799)

Last major update

18-10-2018 - 16:47

Published

06-07-2006 - 20:05

Last modified

18-10-2018 - 16:47