snair007in
Joined: 03/08/2012
Posts: 2
Vulnerability in FCKeditor ver 2.0
Hello,

We have been using this editor for the last 5-6 years. Unfortunately, last week our server was hacked using a loophole in the editor. The file at /fileuploader/File/kurd.cer was an ASP shell script that allows an uploader to upload content into pretty much any directory.

Specifically, it appears the attacker made use of the following vulnerability in FCKeditor:
http://packetstormsecurity.org/files/cve/CVE-2009-4444

Our security advisor has asked us to use the patch for this. Do you have any patch for ver 2.0? Coz we have used this editor for more than 200 sites.

Appreciate a little help in this matter. Thank you.

Regards

Shibu
sebstefanov
Joined: 03/02/2012
Posts: 1457
Re: Vulnerability in FCKeditor ver 2.0
You should upgrade to FCKeditor 2.6.8 instead of patching. That particular issue was fixed recently in 2.6.7.

Customer and Community Manager, CKSource
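Added example, not part of the original thread or of FCKeditor: a small audit script for checking editor upload folders (such as the /fileuploader/File/ path in the question) for files that IIS would execute rather than serve, including names that rely on the semicolon parsing described in CVE-2009-4444. The extension list, function names and sample tree are assumptions made for this illustration; the sample files are constructed and empty.

```python
import os
import tempfile

# Extensions IIS 6 maps to the classic ASP engine by default, plus .aspx.
# Assumption: adjust to the script mappings actually configured on your server.
SCRIPT_EXTS = {".asp", ".asa", ".cer", ".cdx", ".aspx"}


def is_suspicious(filename):
    """Return a reason string if IIS could execute this upload, else None."""
    name = filename.lower()
    # IIS 5.x/6.x (CVE-2009-4444) picks the handler from the text before ';',
    # so the extension is checked on the full name and on the part before ';'.
    candidates = (
        (name, "script extension"),
        (name.split(";", 1)[0], "script extension before ';'"),
    )
    for candidate, why in candidates:
        ext = os.path.splitext(candidate)[1]
        if ext in SCRIPT_EXTS:
            return "%s (%s)" % (why, ext)
    return None


def scan_upload_dir(root):
    """Walk an upload directory; return sorted (relative_path, reason) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            reason = is_suspicious(f)
            if reason:
                rel = os.path.relpath(os.path.join(dirpath, f), root)
                findings.append((rel.replace(os.sep, "/"), reason))
    return sorted(findings)


def build_sample_tree(root):
    """Create a constructed sample upload folder (empty files) for the demo."""
    for rel in ["File/report.pdf", "File/kurd.cer", "Image/logo.jpg",
                "Image/photo.asp;.jpg", "File/notes.txt"]:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason in scan_upload_dir(tmp):
            print(rel, "->", reason)
```

Point `scan_upload_dir` at each site's upload root; any hit is a file to inspect by hand, not proof of compromise.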