Am 07.02.2013 21:46, schrieb OQ:
On Thu, Feb 7, 2013 at 2:39 PM, Thomas Gries
<mail(a)tgries.de> wrote:
@Admins who use FCKEditor:
please be reminded that be reminded, that FCKEditor has severe security
issues.
Yes, but as I mentioned until there is a suitable replacement, your
choices are: run an insecure wiki, not use mediawiki.
Use mediawiki, but do not use
FCKEditor.
see
http://www.cvedetails.com/vulnerability-list/vendor_id-2724/Fckeditor.html
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1
allow remote attackers to create executable files in arbitrary
directories via directory traversal sequences in the input to
unspecified connector modules, as exploited in the wild for remote code
execution in July 2009, related to the file browser and the
editor/filemanager/connectors/ directory.