cbcvebase.
CVE-2006-3362
published 2006-07-06

CVE-2006-3362: Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2)…

PriorityP342medium5.1CVSS 2.0
AVNACHAuNCPIPAP
EXPLOIT
EPSS
4.97%
91.1th percentile
Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.

Affected

8 ranges
VendorProductVersion rangeFixed in
geekloggeeklog
geekloggeeklog
geekloggeeklog
geekloggeeklog
toenda_software_developmenttoendacms
toenda_software_developmenttoendacms
toenda_software_developmenttoendacms
toenda_software_developmenttoendacms
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.