
SANS ISC InfoSec Handlers Diary Blog



FCKEditor advisory

Published: 2009-07-03
Last Updated: 2011-01-24 23:48:02 UTC
by Adrien de Beaupre (Version: 1)

"FCKeditor, a web based open source HTML text editor, suffers from a remote file upload vulnerability." The advisory is here. CVE-2009-2265 has been assigned to the vulnerability. The patch and a new version of the editor will be available next week (06 July). In the meantime, keep a close eye on any system with this package installed and follow the mitigation steps in the advisory. A number of compromises have already been reported as a result of the exploit being used. Thanks Andrea.

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.