Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.1
CVE Id CVE-2006-3362
Last Modified 07 Mar 2011 09:38:28
Published 06 Jul 2006 04:05:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-3362

Summary

Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.

Vulnerable Systems

Application

  • Geeklog 1.4.0

  • Geeklog 1.4.0 Sr1

  • Geeklog 1.4.0 Sr2

  • Geeklog 1.4.0 Sr3

  • Toenda Software Development Toendacms 0.6.1

  • Toenda Software Development Toendacms 0.6.2

  • Toenda Software Development Toendacms 0.7

  • Toenda Software Development Toendacms 1.0


References

SECUNIA - 20886

XF - geeklog-connector-file-upload(27494)

XF - geeklog-multiple-scripts-file-include(27469)

VUPEN - ADV-2006-2868

VUPEN - ADV-2006-2611

BID - 30950

BID - 19072

BID - 18767

BUGTRAQ - 20060717 ToendaCMS <= 1.0.0 arbitrary file upload

MILW0RM - 6344

CONFIRM - http://www.geeklog.net/article.php/geeklog-1.4.0sr4

CONFIRM - http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager

SECUNIA - 21117

MISC - http://retrogod.altervista.org/toenda_100_shizouka_xpl.html

MILW0RM - 2035

MILW0RM - 1964

XF - toendacms-connector-file-upload(27799)


Last Updated: 27 May 2016 10:42:58