Threat Level: green Handler on Duty: Russ McRee

SANS ISC: FCKEditor advisory SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
FCKEditor advisory

"FCKeditor, a web based open source HTML text editor, suffers from a remote file upload vulnerability." The advisory is here. CVE-2009-2265 has been assigned to the vulnerability. The patch and a new version of the editor will be available next week (06 July). Keep a close eye on any system with this package installed on it, it is recommended to follow mitigation steps in the advisory in the meantime. A number of compromises have been reported as a result of the exploit being used prior to now. Thanks Andrea.

Adrien de Beaupré Inc.
Adrien de Beaupre

353 Posts
ISC Handler
Jul 3rd 2009

Sign Up for Free or Log In to start participating in the conversation!