Page 1 of 1

Spaw and FCKeditor Vulnerability Reports

Posted: Mon 1. Oct 2007, 09:24
by Oliver Georgi
Notice: This is no phpwcms specific problem!

Hi friends,

I have seen that there are still attacks against Spaw and FCKeditor - so this is just a warning. There might be possible security problems for older releases of Spaw and/or FCKeditor. So please check again that you use most current releases of phpwcms or fix it yourself.

http://secunia.com/product/2635/?task=advisories
http://secunia.com/product/7973/?task=advisories

WYSIWYG editors are located at:
Spaw 1.x: include/inc_ext/spaw
Spaw 2.x: include/inc_ext/spaw2
FCKeditor: include/inc_ext/fckeditor

If you have an upgraded release including Spaw2 delete Spaw1!

Current releases of phpwcms have patched versions included and also some more security checks inside - but nobody is perfect.

Oliver