We have been using this editor for last 5-6 years. unfortunately, last week our server was hacked using a loophole in the editor. The file at /fileuploader/File/kurd.cer was an ASP shell script, that allows an uploader to upload content into pretty much any directory.
Specifically, it appears the attacker made use of the following vulnerability in FCKEditor:
Our secuirty advisor has asked to use the patch for this. Do you have any patch for ver 2.0? Coz we have used this editor for more than 200 sites.
Appreciate a little help in this matter. Thank you.
Fri, 08/03/2012 - 06:26#1
Vulnerability in FCkEditor ver 2.0
Re: Vulnerability in FCkEditor ver 2.0
You should upgrade to FCKeditor 2.6.8 instead of patching. That particular issue was fixed recently in 2.6.7.
Customer and Community Manager, CKSource
Follow us on: Facebook, Twitter, LinkedIn
If you think you found a bug in CKEditor, read this!