Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 up to and including 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and previous versions, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote malicious users to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
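The following PHP example is added here and is not code from FCKeditor, mcpuk or any of the listed products. It contrasts a check on the final extension only, which accepts the `.php` plus allowed trailing extension pattern described above, with a check that requires every dot-separated segment to be on the allow list, since mod_mime considers each extension in a filename. The function names, the allow list and the sample filenames are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helper names, not the connector's own code.
// Allow list is an assumption for illustration.
const ALLOWED_EXTENSIONS = ['zip', 'jpg', 'png', 'gif', 'pdf'];

/** Weak check: looks only at the final extension of the name. */
function lastExtensionAllowed(string $filename): bool
{
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXTENSIONS, true);
}

/** Stricter check: every segment after the first dot must be allowed. */
function uploadNameAllowed(string $filename): bool
{
    // Drop any client-supplied directory part (both separator styles).
    $name = basename(str_replace('\\', '/', $filename));
    // Reject control bytes, including NUL, anywhere in the name.
    if ($name === '' || preg_match('/[\x00-\x1f]/', $name)) {
        return false;
    }
    $parts = explode('.', strtolower($name));
    $stem  = array_shift($parts);
    // Reject names with an empty stem (dotfiles) or no extension at all.
    if ($stem === '' || count($parts) === 0) {
        return false;
    }
    foreach ($parts as $segment) {
        // "php" in "shell.php.zip" fails here even though "zip" is allowed.
        if (!in_array($segment, ALLOWED_EXTENSIONS, true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample filenames, not taken from any real request log.
$samples = ['photo.jpg', 'archive.zip', 'shell.php.zip', 'notes.PHP.Zip', 'report'];
foreach ($samples as $name) {
    printf(
        "%-14s last-extension-only=%-5s every-segment=%s\n",
        $name,
        var_export(lastExtensionAllowed($name), true),
        var_export(uploadNameAllowed($name), true)
    );
}
```

Saving the upload under a server-generated name with a single allow-listed extension removes the dependence on the client-supplied name altogether.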
| Vulnerable Product |
|---|
| geeklog geeklog 1.4.0_sr3 |
| toenda software development toendacms 0.6.1 |
| geeklog geeklog 1.4.0_sr1 |
| geeklog geeklog 1.4.0_sr2 |
| geeklog geeklog 1.4.0 |
| toenda software development toendacms 1.0 |
| toenda software development toendacms 0.6.2 |
| toenda software development toendacms 0.7 |