fkie_nvd - fkie_cve-2006-3362

FKIE_CVE-2006-3362

Vulnerability from fkie_nvd - Published: 2006-07-06 20:05 - Updated: 2025-04-03 01:03

Severity ?

Summary

Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.

References

URL	Tags
cve@mitre.org	http://retrogod.altervista.org/toenda_100_shizouka_xpl.html	Exploit
cve@mitre.org	http://secunia.com/advisories/20886	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/21117	Vendor Advisory
cve@mitre.org	http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager
cve@mitre.org	http://www.geeklog.net/article.php/geeklog-1.4.0sr4
cve@mitre.org	http://www.securityfocus.com/archive/1/440423/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/18767	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/19072	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/30950
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2611
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2868
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27469
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27494
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27799
cve@mitre.org	https://www.exploit-db.com/exploits/1964
cve@mitre.org	https://www.exploit-db.com/exploits/2035
cve@mitre.org	https://www.exploit-db.com/exploits/6344
af854a3a-2127-422b-91ae-364da2661108	http://retrogod.altervista.org/toenda_100_shizouka_xpl.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20886	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21117	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager
af854a3a-2127-422b-91ae-364da2661108	http://www.geeklog.net/article.php/geeklog-1.4.0sr4
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/440423/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18767	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/19072	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/30950
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2611
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2868
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27469
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27494
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27799
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/1964
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/2035
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/6344

Impacted products

Vendor	Product	Version
geeklog	geeklog	1.4.0
geeklog	geeklog	1.4.0_sr1
geeklog	geeklog	1.4.0_sr2
geeklog	geeklog	1.4.0_sr3
toenda_software_development	toendacms	0.6.1
toenda_software_development	toendacms	0.6.2
toenda_software_development	toendacms	0.7
toenda_software_development	toendacms	1.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:geeklog:geeklog:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B89E7A29-0EAE-4BB0-B0DD-0B5B55F80453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:geeklog:geeklog:1.4.0_sr1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0DFD93-BA8A-49BE-9063-E40AC757708A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:geeklog:geeklog:1.4.0_sr2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E07EB8A-5B67-41B9-8358-1CE59E1B6E09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:geeklog:geeklog:1.4.0_sr3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3EAF15E-44B6-44F6-B794-2DF571131415",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:toenda_software_development:toendacms:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB6C4C75-D481-4B53-B94B-C92B8EFCC4F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:toenda_software_development:toendacms:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95B16BFA-7796-45FF-813B-987B5F9BB635",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:toenda_software_development:toendacms:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DEB50B9-4BF5-4815-87F4-67C868979805",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:toenda_software_development:toendacms:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E3A79A9-C696-4B6F-92C3-9ED496D636FE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip."
    },
    {
      "lang": "es",
      "value": "connectors/php/connector.php en el gestor de fichero mcpuk de FCKEditor usado en (1) Geeklog 1.4.0 a la v1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable y anteriores, y posiblemente otros productos, cuando se instala sobre Apache con mod_mime, permite a atacantes remotos subir y ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s de un fichero con la extensi\u00f3n .php y rastreando la extensi\u00f3n que est\u00e1 permitida como por ejemplo .zip."
    }
  ],
  "evaluatorSolution": "Upgrade to Geeklog version 1.4.0sr4 :\r\nhttp://www.geeklog.net/filemgmt/index.php?id=727",
  "id": "CVE-2006-3362",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-07-06T20:05:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://retrogod.altervista.org/toenda_100_shizouka_xpl.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20886"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21117"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr4"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/440423/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/18767"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/19072"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/30950"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/2611"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/2868"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27469"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27494"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27799"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/1964"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/2035"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/6344"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://retrogod.altervista.org/toenda_100_shizouka_xpl.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20886"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/440423/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/18767"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/19072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/30950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/2611"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/2868"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27494"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27799"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/1964"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/2035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/6344"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2006-3362 (GCVE-0-2006-3362)

Vulnerability from cvelistv5 – Published: 2006-07-06 20:00 – Updated: 2024-08-07 18:23

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/19072	vdb-entryx_refsource_BID
	http://www.securityfocus.com/bid/18767	vdb-entryx_refsource_BID
	http://www.securityfocus.com/bid/30950	vdb-entryx_refsource_BID
	http://www.geeklog.net/article.php/geeklog-1.4.0sr4	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.geeklog.net/article.php/exploit-for-fc…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2006/2868	vdb-entryx_refsource_VUPEN
	https://www.exploit-db.com/exploits/6344	exploitx_refsource_EXPLOIT-DB
	https://www.exploit-db.com/exploits/2035	exploitx_refsource_EXPLOIT-DB
	https://www.exploit-db.com/exploits/1964	exploitx_refsource_EXPLOIT-DB
	http://secunia.com/advisories/20886	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/archive/1/440423/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/21117	third-party-advisoryx_refsource_SECUNIA
	http://retrogod.altervista.org/toenda_100_shizouk…	x_refsource_MISC
	http://www.vupen.com/english/advisories/2006/2611	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:23:21.227Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "19072",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19072"
          },
          {
            "name": "18767",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18767"
          },
          {
            "name": "30950",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30950"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr4"
          },
          {
            "name": "geeklog-multiple-scripts-file-include(27469)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27469"
          },
          {
            "name": "toendacms-connector-file-upload(27799)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27799"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager"
          },
          {
            "name": "ADV-2006-2868",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2868"
          },
          {
            "name": "6344",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/6344"
          },
          {
            "name": "2035",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/2035"
          },
          {
            "name": "1964",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/1964"
          },
          {
            "name": "20886",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20886"
          },
          {
            "name": "geeklog-connector-file-upload(27494)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27494"
          },
          {
            "name": "20060717 ToendaCMS \u003c= 1.0.0 arbitrary file upload",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/440423/100/0/threaded"
          },
          {
            "name": "21117",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21117"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://retrogod.altervista.org/toenda_100_shizouka_xpl.html"
          },
          {
            "name": "ADV-2006-2611",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2611"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "19072",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19072"
        },
        {
          "name": "18767",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18767"
        },
        {
          "name": "30950",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30950"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr4"
        },
        {
          "name": "geeklog-multiple-scripts-file-include(27469)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27469"
        },
        {
          "name": "toendacms-connector-file-upload(27799)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27799"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager"
        },
        {
          "name": "ADV-2006-2868",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2868"
        },
        {
          "name": "6344",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/6344"
        },
        {
          "name": "2035",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/2035"
        },
        {
          "name": "1964",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/1964"
        },
        {
          "name": "20886",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20886"
        },
        {
          "name": "geeklog-connector-file-upload(27494)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27494"
        },
        {
          "name": "20060717 ToendaCMS \u003c= 1.0.0 arbitrary file upload",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/440423/100/0/threaded"
        },
        {
          "name": "21117",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21117"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://retrogod.altervista.org/toenda_100_shizouka_xpl.html"
        },
        {
          "name": "ADV-2006-2611",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2611"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3362",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "19072",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19072"
            },
            {
              "name": "18767",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18767"
            },
            {
              "name": "30950",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30950"
            },
            {
              "name": "http://www.geeklog.net/article.php/geeklog-1.4.0sr4",
              "refsource": "CONFIRM",
              "url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr4"
            },
            {
              "name": "geeklog-multiple-scripts-file-include(27469)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27469"
            },
            {
              "name": "toendacms-connector-file-upload(27799)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27799"
            },
            {
              "name": "http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager",
              "refsource": "CONFIRM",
              "url": "http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager"
            },
            {
              "name": "ADV-2006-2868",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2868"
            },
            {
              "name": "6344",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/6344"
            },
            {
              "name": "2035",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/2035"
            },
            {
              "name": "1964",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/1964"
            },
            {
              "name": "20886",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20886"
            },
            {
              "name": "geeklog-connector-file-upload(27494)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27494"
            },
            {
              "name": "20060717 ToendaCMS \u003c= 1.0.0 arbitrary file upload",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/440423/100/0/threaded"
            },
            {
              "name": "21117",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21117"
            },
            {
              "name": "http://retrogod.altervista.org/toenda_100_shizouka_xpl.html",
              "refsource": "MISC",
              "url": "http://retrogod.altervista.org/toenda_100_shizouka_xpl.html"
            },
            {
              "name": "ADV-2006-2611",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2611"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3362",
    "datePublished": "2006-07-06T20:00:00",
    "dateReserved": "2006-07-06T00:00:00",
    "dateUpdated": "2024-08-07T18:23:21.227Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2006-3362

CVE-2006-3362 (GCVE-0-2006-3362)

Tags

Sightings

Nomenclature