CVE-2006-3362

Опубликовано: 06 июл. 2006

Источник: nvd

CVSS2: 5.1

EPSS Средний

Описание

Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:geeklog:geeklog:1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:geeklog:geeklog:1.4.0_sr1:*:*:*:*:*:*:*

cpe:2.3:a:geeklog:geeklog:1.4.0_sr2:*:*:*:*:*:*:*

cpe:2.3:a:geeklog:geeklog:1.4.0_sr3:*:*:*:*:*:*:*

cpe:2.3:a:toenda_software_development:toendacms:0.6.1:*:*:*:*:*:*:*

cpe:2.3:a:toenda_software_development:toendacms:0.6.2:*:*:*:*:*:*:*

cpe:2.3:a:toenda_software_development:toendacms:0.7:*:*:*:*:*:*:*

cpe:2.3:a:toenda_software_development:toendacms:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.1521

Средний

5.1 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2006-3362

debian

больше 19 лет назад

Unrestricted file upload vulnerability in connectors/php/connector.php ...

GHSA-92qr-f662-7vcr

github

больше 3 лет назад