"FCKeditor, a web based open source HTML text editor, suffers from a remote file upload vulnerability." The advisory is here. CVE-2009-2265 has been assigned to the vulnerability. The patch and a new version of the editor will be available next week (06 July). Keep a close eye on any system with this package installed; in the meantime, it is recommended to follow the mitigation steps in the advisory. A number of compromises have been reported as a result of the exploit already being used. Thanks Andrea.
Adrien de Beaupre, ISC Handler, Jul 3rd 2009