CVE-2006-3362 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-3362
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-3362

Description: Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/27469 http://xforce.iss.net/xforce/xfdb/27494 http://xforce.iss.net/xforce/xfdb/27799 SAID Secunia Advisory: SA20886 Secunia Advisory: SA21117 MISC http://retrogod.altervista.org/toenda_100_shizouka_xpl.html MILW0RM http://www.milw0rm.com/exploits/6344 http://milw0rm.com/exploits/2035 http://milw0rm.com/exploits/1964 CONFIRM http://www.geeklog.net/article.php/geeklog-1.4.0sr4 http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/440423/100/0/threaded BID 19072 30950 18767

Return to the previous page.