CVE-2006-3362

Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.

CVSS v2.0 5.1 MEDIUM

5.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager
http://www.geeklog.net/article.php/geeklog-1.4.0sr4
http://www.securityfocus.com/bid/18767	Exploit
http://secunia.com/advisories/20886	Patch Vendor Advisory
http://retrogod.altervista.org/toenda_100_shizouka_xpl.html	Exploit
http://www.securityfocus.com/bid/19072	Exploit
http://secunia.com/advisories/21117	Vendor Advisory
http://www.securityfocus.com/bid/30950
http://www.vupen.com/english/advisories/2006/2611
http://www.vupen.com/english/advisories/2006/2868
https://exchange.xforce.ibmcloud.com/vulnerabilities/27799
https://exchange.xforce.ibmcloud.com/vulnerabilities/27494
https://exchange.xforce.ibmcloud.com/vulnerabilities/27469
https://www.exploit-db.com/exploits/6344
https://www.exploit-db.com/exploits/2035
https://www.exploit-db.com/exploits/1964
http://www.securityfocus.com/archive/1/440423/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:geeklog:geeklog:1.4.0_sr3:::::::*
	cpe:2.3:a:toenda_software_development:toendacms:0.6.1:::::::*
	cpe:2.3:a:geeklog:geeklog:1.4.0_sr1:::::::*
	cpe:2.3:a:geeklog:geeklog:1.4.0_sr2:::::::*
	cpe:2.3:a:geeklog:geeklog:1.4.0:::::::*
	cpe:2.3:a:toenda_software_development:toendacms:1.0:::::::*
	cpe:2.3:a:toenda_software_development:toendacms:0.6.2:::::::*
	cpe:2.3:a:toenda_software_development:toendacms:0.7:::::::*

Information

Published : 2006-07-06 13:05

Updated : 2018-10-18 09:47

NVD link : CVE-2006-3362

Mitre link : CVE-2006-3362

JSON object : View

CWE

NVD-CWE-Other

Products Affected

toenda_software_development

toendacms

geeklog

geeklog

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager", "name": "http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr4", "name": "http://www.geeklog.net/article.php/geeklog-1.4.0sr4", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/18767", "name": "18767", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/20886", "name": "20886", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://retrogod.altervista.org/toenda_100_shizouka_xpl.html", "name": "http://retrogod.altervista.org/toenda_100_shizouka_xpl.html", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/19072", "name": "19072", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/21117", "name": "21117", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/30950", "name": "30950", "tags": [], "refsource": "BID"}, {"url": "http://www.vupen.com/english/advisories/2006/2611", "name": "ADV-2006-2611", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2006/2868", "name": "ADV-2006-2868", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27799", "name": "toendacms-connector-file-upload(27799)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27494", "name": "geeklog-connector-file-upload(27494)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27469", "name": "geeklog-multiple-scripts-file-include(27469)", "tags": [], "refsource": "XF"}, {"url": "https://www.exploit-db.com/exploits/6344", "name": "6344", "tags": [], "refsource": "EXPLOIT-DB"}, {"url": "https://www.exploit-db.com/exploits/2035", "name": "2035", "tags": [], "refsource": "EXPLOIT-DB"}, {"url": "https://www.exploit-db.com/exploits/1964", "name": "1964", "tags": [], "refsource": "EXPLOIT-DB"}, {"url": "http://www.securityfocus.com/archive/1/440423/100/0/threaded", "name": "20060717 ToendaCMS <= 1.0.0 arbitrary file upload", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-3362", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-07-06T20:05Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:geeklog:geeklog:1.4.0_sr3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:toenda_software_development:toendacms:0.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:geeklog:geeklog:1.4.0_sr1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:geeklog:geeklog:1.4.0_sr2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:geeklog:geeklog:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:toenda_software_development:toendacms:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:toenda_software_development:toendacms:0.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:toenda_software_development:toendacms:0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:47Z"}

5.1 /10