Spaw and FCKeditor Vulnerability Reports
Posted: Mon 1. Oct 2007, 09:24
Notice: This is no phpwcms specific problem!
Hi friends,
I have seen that there are still attacks against Spaw and FCKeditor - so this is just a warning. There might be possible security problems for older releases of Spaw and/or FCKeditor. So please check again that you use most current releases of phpwcms or fix it yourself.
http://secunia.com/product/2635/?task=advisories
http://secunia.com/product/7973/?task=advisories
WYSIWYG editors are located at:
Spaw 1.x: include/inc_ext/spaw
Spaw 2.x: include/inc_ext/spaw2
FCKeditor: include/inc_ext/fckeditor
If you have an upgraded release including Spaw2 delete Spaw1!
Current releases of phpwcms have patched versions included and also some more security checks inside - but nobody is perfect.
Oliver
Hi friends,
I have seen that there are still attacks against Spaw and FCKeditor - so this is just a warning. There might be possible security problems for older releases of Spaw and/or FCKeditor. So please check again that you use most current releases of phpwcms or fix it yourself.
http://secunia.com/product/2635/?task=advisories
http://secunia.com/product/7973/?task=advisories
WYSIWYG editors are located at:
Spaw 1.x: include/inc_ext/spaw
Spaw 2.x: include/inc_ext/spaw2
FCKeditor: include/inc_ext/fckeditor
If you have an upgraded release including Spaw2 delete Spaw1!
Current releases of phpwcms have patched versions included and also some more security checks inside - but nobody is perfect.
Oliver