From [url=http://secunia.com/advisories/20122/]Secunia[/url]:
A vulnerability has been discovered in FCKeditor, which potentially can be exploited by malicious people to compromise a vulnerable system.
Fortunately, this should not impact nukeWYSIWYG or RavenNuke users unless the default NukeUser authority has been changed to admin level, which allows uploads. The vulnerability is caused due to an input validation error in the processing of file uploads. This can be exploited to upload arbitrary scripts by defining an invalid value for the "Type" parameter when uploading a file via "editor/filemanager/upload/php/upload.php".
Posted on Thursday, May 18, 2006 @ 18:05:39 CDT by kguske