[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
FCKEditor File Upload Vulnerability
There is no validation on the extensions when FCKEditor 2.6.8 ASP version is
dealing with the duplicate files. As a result, it is possible to bypass
the protection and upload a file with any extension.
- Reference: http://www.exploit-db.com/exploits/23005/
vulnerable versions: prior to 2.6.9
Vendor Response: http://ckeditor.com/forums/Announcements/FCKeditor-2.6.9-Released