Vulnerabilities > Toenda Software Development > Toendacms > 0.6.1

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-07-06 | CVE-2006-3362 | Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip. Vendors: geeklog, toenda-software-development. | 5.1 (network, high complexity) |
| 2006-06-03 | CVE-2006-2799 | Cross-Site Scripting vulnerability in ToendaCMS. Cross-site scripting (XSS) vulnerability in content_footer.php in toendaCMS 0.7.0 allows remote attackers to inject arbitrary web scripts or HTML via the print_url variable. | 6.8 |
| 2005-12-20 | CVE-2005-4422 | Remote File Upload vulnerability in Toenda Software Development Toendacms 0.6.1. Unrestricted file upload vulnerability in toendaCMS before 0.6.2 Stable allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in data/images/albums. Vendors: toenda-software-development. | 6.5 (network, low complexity) |