ByteOS Network

Vulnerability Details :

CVE-2006-3362

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-06 Jul, 2006 | 20:00

Updated At-07 Aug, 2024 | 18:23

Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:06 Jul, 2006 | 20:00

Updated At:07 Aug, 2024 | 18:23

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://www.securityfocus.com/bid/19072	vdb-entry x_refsource_BID
http://www.securityfocus.com/bid/18767	vdb-entry x_refsource_BID
http://www.securityfocus.com/bid/30950	vdb-entry x_refsource_BID
http://www.geeklog.net/article.php/geeklog-1.4.0sr4	x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/27469	vdb-entry x_refsource_XF
https://exchange.xforce.ibmcloud.com/vulnerabilities/27799	vdb-entry x_refsource_XF
http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/2868	vdb-entry x_refsource_VUPEN
https://www.exploit-db.com/exploits/6344	exploit x_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/2035	exploit x_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/1964	exploit x_refsource_EXPLOIT-DB
http://secunia.com/advisories/20886	third-party-advisory x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/27494	vdb-entry x_refsource_XF
http://www.securityfocus.com/archive/1/440423/100/0/threaded	mailing-list x_refsource_BUGTRAQ
http://secunia.com/advisories/21117	third-party-advisory x_refsource_SECUNIA
http://retrogod.altervista.org/toenda_100_shizouka_xpl.html	x_refsource_MISC
http://www.vupen.com/english/advisories/2006/2611	vdb-entry x_refsource_VUPEN

Hyperlink: http://www.securityfocus.com/bid/19072

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://www.securityfocus.com/bid/18767

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://www.securityfocus.com/bid/30950

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://www.geeklog.net/article.php/geeklog-1.4.0sr4

Resource:

x_refsource_CONFIRM

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/27469

Resource:

vdb-entry

x_refsource_XF

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/27799

Resource:

vdb-entry

x_refsource_XF

Hyperlink: http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.vupen.com/english/advisories/2006/2868

Resource:

vdb-entry

x_refsource_VUPEN

Hyperlink: https://www.exploit-db.com/exploits/6344

Resource:

exploit

x_refsource_EXPLOIT-DB

Hyperlink: https://www.exploit-db.com/exploits/2035

Resource:

exploit

x_refsource_EXPLOIT-DB

Hyperlink: https://www.exploit-db.com/exploits/1964

Resource:

exploit

x_refsource_EXPLOIT-DB

Hyperlink: http://secunia.com/advisories/20886

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/27494

Resource:

vdb-entry

x_refsource_XF

Hyperlink: http://www.securityfocus.com/archive/1/440423/100/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: http://secunia.com/advisories/21117

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://retrogod.altervista.org/toenda_100_shizouka_xpl.html

Resource:

x_refsource_MISC

Hyperlink: http://www.vupen.com/english/advisories/2006/2611

Resource:

vdb-entry

x_refsource_VUPEN

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.securityfocus.com/bid/19072	vdb-entry x_refsource_BID x_transferred
http://www.securityfocus.com/bid/18767	vdb-entry x_refsource_BID x_transferred
http://www.securityfocus.com/bid/30950	vdb-entry x_refsource_BID x_transferred
http://www.geeklog.net/article.php/geeklog-1.4.0sr4	x_refsource_CONFIRM x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/27469	vdb-entry x_refsource_XF x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/27799	vdb-entry x_refsource_XF x_transferred
http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager	x_refsource_CONFIRM x_transferred
http://www.vupen.com/english/advisories/2006/2868	vdb-entry x_refsource_VUPEN x_transferred
https://www.exploit-db.com/exploits/6344	exploit x_refsource_EXPLOIT-DB x_transferred
https://www.exploit-db.com/exploits/2035	exploit x_refsource_EXPLOIT-DB x_transferred
https://www.exploit-db.com/exploits/1964	exploit x_refsource_EXPLOIT-DB x_transferred
http://secunia.com/advisories/20886	third-party-advisory x_refsource_SECUNIA x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/27494	vdb-entry x_refsource_XF x_transferred
http://www.securityfocus.com/archive/1/440423/100/0/threaded	mailing-list x_refsource_BUGTRAQ x_transferred
http://secunia.com/advisories/21117	third-party-advisory x_refsource_SECUNIA x_transferred
http://retrogod.altervista.org/toenda_100_shizouka_xpl.html	x_refsource_MISC x_transferred
http://www.vupen.com/english/advisories/2006/2611	vdb-entry x_refsource_VUPEN x_transferred

Hyperlink: http://www.securityfocus.com/bid/19072

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://www.securityfocus.com/bid/18767

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://www.securityfocus.com/bid/30950

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://www.geeklog.net/article.php/geeklog-1.4.0sr4

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/27469

Resource:

vdb-entry

x_refsource_XF

x_transferred

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/27799

Resource:

vdb-entry

x_refsource_XF

x_transferred

Hyperlink: http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.vupen.com/english/advisories/2006/2868

Resource:

vdb-entry

x_refsource_VUPEN

x_transferred

Hyperlink: https://www.exploit-db.com/exploits/6344

Resource:

exploit

x_refsource_EXPLOIT-DB

x_transferred

Hyperlink: https://www.exploit-db.com/exploits/2035

Resource:

exploit

x_refsource_EXPLOIT-DB

x_transferred

Hyperlink: https://www.exploit-db.com/exploits/1964

Resource:

exploit

x_refsource_EXPLOIT-DB

x_transferred

Hyperlink: http://secunia.com/advisories/20886

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/27494

Resource:

vdb-entry

x_refsource_XF

x_transferred

Hyperlink: http://www.securityfocus.com/archive/1/440423/100/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

x_transferred

Hyperlink: http://secunia.com/advisories/21117

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://retrogod.altervista.org/toenda_100_shizouka_xpl.html

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://www.vupen.com/english/advisories/2006/2611

Resource:

vdb-entry

x_refsource_VUPEN

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:06 Jul, 2006 | 20:05

Updated At:03 Apr, 2025 | 01:03

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.1	MEDIUM	AV:N/AC:H/Au:N/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 5.1

Base severity: MEDIUM

Vector:

AV:N/AC:H/Au:N/C:P/I:P/A:P

CPE Matches

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

Evaluator Solution

Upgrade to Geeklog version 1.4.0sr4 : http://www.geeklog.net/filemgmt/index.php?id=727

References

Hyperlink	Source	Resource
http://retrogod.altervista.org/toenda_100_shizouka_xpl.html	cve@mitre.org	Exploit
http://secunia.com/advisories/20886	cve@mitre.org	Patch Vendor Advisory
http://secunia.com/advisories/21117	cve@mitre.org	Vendor Advisory
http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager	cve@mitre.org	N/A
http://www.geeklog.net/article.php/geeklog-1.4.0sr4	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/440423/100/0/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/bid/18767	cve@mitre.org	Exploit
http://www.securityfocus.com/bid/19072	cve@mitre.org	Exploit
http://www.securityfocus.com/bid/30950	cve@mitre.org	N/A
http://www.vupen.com/english/advisories/2006/2611	cve@mitre.org	N/A
http://www.vupen.com/english/advisories/2006/2868	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/27469	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/27494	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/27799	cve@mitre.org	N/A
https://www.exploit-db.com/exploits/1964	cve@mitre.org	N/A
https://www.exploit-db.com/exploits/2035	cve@mitre.org	N/A
https://www.exploit-db.com/exploits/6344	cve@mitre.org	N/A
http://retrogod.altervista.org/toenda_100_shizouka_xpl.html	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://secunia.com/advisories/20886	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://secunia.com/advisories/21117	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.geeklog.net/article.php/geeklog-1.4.0sr4	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/archive/1/440423/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/18767	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://www.securityfocus.com/bid/19072	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://www.securityfocus.com/bid/30950	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2006/2611	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2006/2868	af854a3a-2127-422b-91ae-364da2661108	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/27469	af854a3a-2127-422b-91ae-364da2661108	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/27494	af854a3a-2127-422b-91ae-364da2661108	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/27799	af854a3a-2127-422b-91ae-364da2661108	N/A
https://www.exploit-db.com/exploits/1964	af854a3a-2127-422b-91ae-364da2661108	N/A
https://www.exploit-db.com/exploits/2035	af854a3a-2127-422b-91ae-364da2661108	N/A
https://www.exploit-db.com/exploits/6344	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: http://retrogod.altervista.org/toenda_100_shizouka_xpl.html

Source: cve@mitre.org

Resource:

Exploit

Hyperlink: http://secunia.com/advisories/20886

Source: cve@mitre.org

Resource:

Patch

Vendor Advisory

Hyperlink: http://secunia.com/advisories/21117

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.geeklog.net/article.php/geeklog-1.4.0sr4

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/archive/1/440423/100/0/threaded

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/18767

Source: cve@mitre.org

Resource:

Exploit

Hyperlink: http://www.securityfocus.com/bid/19072

Source: cve@mitre.org

Resource:

Exploit

Hyperlink: http://www.securityfocus.com/bid/30950

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.vupen.com/english/advisories/2006/2611

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.vupen.com/english/advisories/2006/2868

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/27469

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/27494

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/27799

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://www.exploit-db.com/exploits/1964

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://www.exploit-db.com/exploits/2035

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://www.exploit-db.com/exploits/6344

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://retrogod.altervista.org/toenda_100_shizouka_xpl.html