Ckeditor · Ckeditor · CVE-2008-6178
**Name of the Vulnerable Software and Affected Versions**
FCKeditor version 2.2
**Description**
The issue allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the `application/zip` content type, and then accessing this file via a direct request to the file in `UserFiles/File/`. It is likely related to an unrestricted file upload vulnerability in the `editor/filemanager/browser/default/connectors/php/connector.php` file.
**Recommendations**
For FCKeditor version 2.2, consider restricting or disabling the file upload functionality in the `connector.php` file until a patch is available. Avoid using the FileUpload action with the `application/zip` content type to minimize the risk of exploitation. Restrict access to the `UserFiles/File/` directory to prevent direct requests to uploaded files.
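
To check whether an upload directory such as `UserFiles/File/` already holds files of the shape described above (a ZIP header followed by PHP sequences), the following Python audit can be run against it. It is an added example, not part of the advisory or of FCKeditor; the function names, the `<?php` signature choice and the sample files are assumptions of this example.

```python
import os
import re
import tempfile

ZIP_MAGIC = b"PK\x03\x04"  # ZIP local file header signature
# Only the full "<?php" tag is matched. Short tags ("<?", "<?=") are left out
# because two- or three-byte patterns occur by chance in compressed data.
PHP_TAG = re.compile(rb"<\?php", re.IGNORECASE)
CHUNK = 64 * 1024


def is_zip_php_polyglot(path):
    """True if the file starts with a ZIP header and contains a PHP open tag."""
    with open(path, "rb") as fh:
        if fh.read(len(ZIP_MAGIC)) != ZIP_MAGIC:
            return False
        tail = b""
        while True:
            chunk = fh.read(CHUNK)
            if not chunk:
                return False
            # Prepend the last 4 bytes so a tag split across chunks still matches.
            if PHP_TAG.search(tail + chunk):
                return True
            tail = chunk[-4:]


def audit_upload_dir(root):
    """Return sorted paths (relative to root) of files matching the pattern."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and is_zip_php_polyglot(full):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


def demo():
    """Audit a temporary directory filled with constructed sample files."""
    samples = {
        "report.zip": ZIP_MAGIC + b"\x14\x00" + b"\x00" * 64,  # ZIP header only
        "notes.txt": b"<?php /* constructed marker */ ?>",     # no ZIP header
        "archive.php": ZIP_MAGIC + b"\x00" * 16 + b"<?php /* constructed marker */ ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return audit_upload_dir(root)


if __name__ == "__main__":
    print(demo())
```

A hit means the file deserves manual review, since a legitimate archive can hold an uncompressed PHP source file; whether a flagged file can actually execute depends on how the web server handles requests into the upload directory.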