Vulnerability Details : CVE-2006-3362
Potential exploit
Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
Products affected by CVE-2006-3362
- cpe:2.3:a:geeklog:geeklog:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.4.0_sr1:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.4.0_sr2:*:*:*:*:*:*:*
- cpe:2.3:a:geeklog:geeklog:1.4.0_sr3:*:*:*:*:*:*:*
- cpe:2.3:a:toenda_software_development:toendacms:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:toenda_software_development:toendacms:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:toenda_software_development:toendacms:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:toenda_software_development:toendacms:0.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-3362
- EPSS score: 14.22% (probability of exploitation activity in the next 30 days)
- Percentile: ~94% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2006-3362
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P | 4.9 | 6.4 | NIST | |
References for CVE-2006-3362
- http://www.vupen.com/english/advisories/2006/2868
- http://secunia.com/advisories/20886 (Patch; Vendor Advisory)
- http://www.geeklog.net/article.php/geeklog-1.4.0sr4
- http://www.securityfocus.com/bid/18767 (Exploit)
- http://retrogod.altervista.org/toenda_100_shizouka_xpl.html (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27494
- https://www.exploit-db.com/exploits/2035
- https://www.exploit-db.com/exploits/6344
- http://secunia.com/advisories/21117 (Vendor Advisory)
- http://www.securityfocus.com/bid/19072 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27799
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27469
- http://www.securityfocus.com/archive/1/440423/100/0/threaded
- http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager
- http://www.vupen.com/english/advisories/2006/2611
- http://www.securityfocus.com/bid/30950
- https://www.exploit-db.com/exploits/1964