PT-2006-4254 · Toendacms+3

Rgod · Published 2006-07-06 · Updated 2018-10-18 · CVE-2006-3362

CVSS v2.0: 5.1 (Medium)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

FCKeditor versions not specified
Geeklog versions 1.4.0 through 1.4.0sr3
toendaCMS versions 1.0.0 Shizouka Stable and earlier
WeBid version 0.5.4

Description

The issue allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip. This is possible due to an unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager.

Recommendations

For Geeklog versions 1.4.0 through 1.4.0sr3, update to a version later than 1.4.0sr3 to resolve the issue. For toendaCMS versions 1.0.0 Shizouka Stable and earlier, update to a version later than 1.0.0 Shizouka Stable. For WeBid version 0.5.4, update to a version later than 0.5.4. For FCKeditor, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
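
Where no fixed version is available, the upload handler can check every extension in the filename instead of only the last one. The PHP below is an added example, not code from FCKeditor or any of the affected products; the function names and both extension lists are assumptions chosen for illustration.

```php
<?php
// Added example, not FCKeditor's code. Both lists are assumed values.
const ALLOWED_EXT = ['zip', 'jpg', 'png', 'gif', 'pdf', 'txt'];
const SCRIPT_EXT  = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar', 'cgi', 'pl'];

// Weak pattern: only the trailing extension is compared with the allowlist.
function lastExtensionAllowed(string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXT, true);
}

// Hardened check: inspect every dot-separated segment after the base name.
function uploadNameAllowed(string $name): bool
{
    if (strpos($name, "\0") !== false) {
        return false;                                  // embedded NUL byte
    }
    $name = basename(str_replace('\\', '/', $name));   // drop any client-supplied path
    if ($name === '' || $name[0] === '.') {
        return false;                                  // empty name or dotfile
    }
    $parts = explode('.', strtolower($name));
    array_shift($parts);                               // remove the base name
    if ($parts === []) {
        return false;                                  // no extension at all
    }
    foreach ($parts as $segment) {
        if (in_array($segment, SCRIPT_EXT, true)) {
            return false;                              // script extension anywhere in the name
        }
    }
    return in_array(end($parts), ALLOWED_EXT, true);
}

// Store under a server-generated name so the client-chosen name never reaches disk.
function storedName(string $name): string
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names; only the third differs between the two checks.
foreach (['report.zip', 'photo.JPG', 'notes.php.zip', 'archive.tar.zip', 'x.phtml'] as $n) {
    printf("%-16s last-only=%-5s every-segment=%s\n", $n,
        var_export(lastExtensionAllowed($n), true),
        var_export(uploadNameAllowed($n), true));
}
```

Call `storedName()` only after `uploadNameAllowed()` returns true, and keep the upload directory configured so that the web server does not execute scripts from it.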

Related Identifiers

CVE-2006-3362

Affected Products

Ckeditor
Geeklog
Webid
Toendacms