We have been using this editor for last 5-6 years. unfortunately, last week our server was hacked using a loophole in the editor. The file at /fileuploader/File/kurd.cer was an ASP shell script, that allows an uploader to upload content into pretty much any directory.
Specifically, it appears the attacker made use of the following vulnerability in FCKEditor:
Our secuirty advisor has asked to use the patch for this. Do you have any patch for ver 2.0? Coz we have used this editor for more than 200 sites.
Appreciate a little help in this matter. Thank you.
Vulnerability in FCkEditor ver 2.0