PT-2009-1125 · Fredck · Ckeditor

Vinny Guido · Published 2009-05-03 · Updated 2024-01-10

CVE-2009-2265

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: FCKeditor versions prior to 2.6.4.1
Description: FCKeditor contains multiple directory traversal vulnerabilities that allow remote attackers to create executable files in arbitrary directories by supplying directory traversal sequences in the input to unspecified connector modules. The vulnerability lies in the file browser and the editor/filemanager/connectors/ directory. It has been exploited in the wild for remote code execution. The underlying weakness is incorrect restriction of the path name to a directory with limited access, which may allow a remote attacker to upload arbitrary files.
Recommendations: For FCKeditor versions prior to 2.6.4.1, update to version 2.6.4.1 or later to resolve the issue. As a temporary workaround, restrict access to the file browser and the editor/filemanager/connectors/ directory to minimize the risk of exploitation, and do not use the vulnerable connector modules until the update is applied.
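The weakness described above is a missing confinement check in an upload connector. The following is an added example, not FCKeditor's own code, showing the two controls a hardened connector applies: keeping the destination inside the upload root and refusing executable file types. UPLOAD_ROOT, the extension allowlist and the function names are assumptions.

```python
# Added example, not FCKeditor's own code: hardened destination resolution for
# a file-manager upload connector. UPLOAD_ROOT, the allowlist and all function
# names are assumptions. It demonstrates the two controls this weakness class
# calls for: confine the destination to the upload root, and refuse any file
# type the web server would execute.
import os

UPLOAD_ROOT = "/var/www/userfiles"                                 # assumed upload root
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}  # allowlist, not a denylist


def resolve_destination(current_folder: str, filename: str, root: str = UPLOAD_ROOT) -> str:
    """Return the absolute path the upload may be written to, or raise
    ValueError if the request escapes `root` or names an executable type."""
    # 1. The file name must be a bare name with no directory component.
    clean_name = filename.replace("\\", "/")
    if clean_name in ("", ".", "..") or "/" in clean_name:
        raise ValueError("invalid file name")
    # 2. Every dotted suffix must be allowlisted, so a double extension such
    #    as 'shell.php.jpg' (executed by some server configs) is refused too.
    suffixes = clean_name.lower().split(".")[1:]
    if not suffixes or any(s not in ALLOWED_EXTENSIONS for s in suffixes):
        raise ValueError("file type not allowed")
    # 3. Confine the folder: after '..' and symlinks are resolved, the root
    #    must still be a prefix of the destination path.
    folder = current_folder.replace("\\", "/").lstrip("/")  # treat as relative to root
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, folder, clean_name))
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise ValueError("path escapes upload root")
    return candidate


def classify(requests, root: str = UPLOAD_ROOT):
    """Map each (folder, filename) request to 'allowed' or its rejection reason."""
    outcome = {}
    for folder, name in requests:
        try:
            resolve_destination(folder, name, root)
            outcome[(folder, name)] = "allowed"
        except ValueError as err:
            outcome[(folder, name)] = str(err)
    return outcome


if __name__ == "__main__":
    sample = [("images", "photo.jpg"), ("../../cgi-bin", "photo.jpg"),  # constructed requests
              ("images", "../../shell.php"), ("images", "shell.php.jpg")]
    for req, result in classify(sample).items():
        print(req, "->", result)
```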

Tags: Exploit · Fix · RCE · Path traversal

Weakness Enumeration

Related Identifiers

BDU:2023-01042
CVE-2009-2265
DSA-1836-1

Affected Products

Ckeditor