Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: FCKEditor advisory - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
FCKEditor advisory

"FCKeditor, a web based open source HTML text editor, suffers from a remote file upload vulnerability." The advisory is here. CVE-2009-2265 has been assigned to the vulnerability. The patch and a new version of the editor will be available next week (06 July). Keep a close eye on any system with this package installed on it, it is recommended to follow mitigation steps in the advisory in the meantime. A number of compromises have been reported as a result of the exploit being used prior to now. Thanks Andrea.

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
Adrien de Beaupre

353 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!