nukeSEO.com

FCKeditor "Type" Parameter File Upload Vulnerability
Date: Thursday, May 18, 2006 @ 18:05:39 CDT
Topic: nukeWYSIWYG(tm)


From Secunia (http://secunia.com/advisories/20122/):

A vulnerability has been discovered in FCKeditor, which potentially can be exploited by malicious people to compromise a vulnerable system.

Fortunately, this should not impact nukeWYSIWYG or RavenNuke users unless the default NukeUser authority has been changed to admin level, which allows uploads.


The vulnerability is caused due to an input validation error in the processing of file uploads. This can be exploited to upload arbitrary scripts by defining an invalid value for the "Type" parameter when uploading a file via "editor/filemanager/upload/php/upload.php".
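A fail-closed check against the class of input validation error described above, as an added example (not code from FCKeditor, nukeWYSIWYG or Secunia). The function name, the list of types and the extension lists are hypothetical and should be replaced with the deployment's own.

```php
<?php
// Hypothetical names throughout; this is not FCKeditor's code or configuration.
// Constructed per-type extension allowlist; adjust to the deployment.
const ALLOWED_EXTENSIONS = [
    'File'  => ['pdf', 'txt', 'zip'],
    'Image' => ['gif', 'jpg', 'jpeg', 'png'],
];

// Returns null when the upload may proceed, otherwise the reason it is refused.
function upload_rejection_reason($type, string $filename): ?string
{
    // Fail closed: Type must be a string and an exact key of the allowlist.
    // An unknown value is refused, never treated as "no rules apply".
    if (!is_string($type) || !array_key_exists($type, ALLOWED_EXTENSIONS)) {
        return 'unknown Type';
    }
    $base = basename(str_replace('\\', '/', $filename));
    // Refuse empty names and names with control characters (including NUL).
    if ($base === '' || preg_match('/[\x00-\x1f]/', $base)) {
        return 'bad file name';
    }
    // Every dot-separated part after the first must be allowlisted, so
    // "photo.php.jpg" is refused along with "photo.php".
    $parts = explode('.', strtolower($base));
    array_shift($parts);
    if ($parts === []) {
        return 'missing extension';
    }
    foreach ($parts as $ext) {
        if (!in_array($ext, ALLOWED_EXTENSIONS[$type], true)) {
            return 'extension not allowed for ' . $type;
        }
    }
    return null;
}

// Constructed sample requests: [Type value, uploaded file name].
$samples = [
    ['Image', 'logo.png'],
    ['Image', 'logo.php'],
    ['NoSuchType', 'logo.php'],
    [['x'], 'logo.png'],        // Type sent as an array (Type[]=x)
    ['File', 'notes.php.txt'],
];
foreach ($samples as [$type, $name]) {
    $reason = upload_rejection_reason($type, $name);
    echo json_encode($type), ' ', $name, ' => ', $reason ?? 'accepted', "\n";
}
```

Only the first constructed sample is accepted; the unknown and non-string Type values are refused before any extension rule is consulted.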






This article comes from nukeSEO.com
https://nukeseo.com

The URL for this story is:
https://nukeseo.com/modules.php?name=News&file=article&sid=19