Am 07.02.2013 21:46, schrieb OQ:
On Thu, Feb 7, 2013 at 2:39 PM, Thomas Gries mail@tgries.de wrote:
@Admins who use FCKEditor: please be reminded that be reminded, that FCKEditor has severe security issues.
Yes, but as I mentioned until there is a suitable replacement, your choices are: run an insecure wiki, not use mediawiki.
Use mediawiki, but do not use FCKEditor. see http://www.cvedetails.com/vulnerability-list/vendor_id-2724/Fckeditor.html Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.