A security release 2.6.4.1 of FCKeditor was released yesterday (CVE-2009-2265). As far I could test and check phpwcms seems not to be infected. All other connectors than PHP are not distributed and FCKeditor in phpwcms is secured by phpwcms backend session and some stronger system related path settings.
But to be on the safer side of life here is the updated FCKeditor. Make a backup of your existing FCKeditor (rename include/inc_ext/fckeditor). It should work with all installations of phpwcms >1.2 (but not tested for every release).
http://phpwcms.googlecode.com/files/php ... or2641.zip
Oliver
[Security] Update FCKeditor as soon as possible
- Oliver Georgi
- Site Admin
- Posts: 9905
- Joined: Fri 3. Oct 2003, 22:22
- Contact: