CVE-2006-3362

FCKeditor mcpuk - Unrestricted File Upload

Description

Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Stack · php · webapps · php
https://www.exploit-db.com/exploits/6344

exploitdb WORKING POC VERIFIED
by rgod · php · webapps · php
https://www.exploit-db.com/exploits/2035

exploitdb WORKING POC VERIFIED
by rgod · php · webapps · php
https://www.exploit-db.com/exploits/1964

Scores

EPSS 0.1521
EPSS Percentile 94.6%

Details

Status published
Products (8)
geeklog/geeklog 1.4.0
geeklog/geeklog 1.4.0_sr1
geeklog/geeklog 1.4.0_sr2
geeklog/geeklog 1.4.0_sr3
toenda_software_development/toendacms 0.6.1
toenda_software_development/toendacms 0.6.2
toenda_software_development/toendacms 0.7
toenda_software_development/toendacms 1.0
Published Jul 06, 2006
Tracked Since Feb 18, 2026