[geeklog-devel] security issue editor(s)

Wim Niemans niemans at nlbox.com
Fri May 16 19:08:53 EDT 2014


See http://project.geeklog.net/tracking/view.php?id=1763 

Summary:                    editor files are wide open for abuse
Description: 
If an anonymous attacker 'knows' the exact URL, all files of FCKeditor are wide
open for abuse.
Some HTML files display errors, like no valid XML response from the server, and all PHP
files execute.
Maybe this is also true for CKEditor.

Additional Information: 
Can this be solved by an htaccess entry?
---------------------------------------------------------------------- 
This needs special attention because attacks are detected on the file manager
connector already. 

Wim
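
One form the htaccess entry asked about above could take, as an added example that is not part of the original message or of Geeklog's code. It assumes the file is placed in the directory that holds the FCKeditor files (the message does not give the path), and the extension list is likewise an assumption.

```apache
# .htaccess in the directory that holds the FCKeditor files
# (assumed location; the message does not give the path).

# Refuse direct HTTP requests for server-side scripts shipped with the editor,
# so they cannot be executed by anyone who knows the exact URL.
# The extension list is an assumption; match it to the handlers this server runs.
<FilesMatch "\.(php[0-9]?|phtml|pl|py|cgi|asp|aspx|cfm)$">
    # Apache 2.4 and later
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>
```

This also blocks the file manager connector for logged-in users, so it only fits a site that does not use the editor's file browser. The server must allow these directives in .htaccess through AllowOverride (AuthConfig on 2.4, Limit on 2.2).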
