The FCKeditor project has released FCKeditor version 2.6.4.1 to address a vulnerability. This vulnerability is due to improper verification of input passed to the “CurrentFolder” parameter. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.

Additionally, FCKeditor is part of Adobe ColdFusion 8 and is enabled by default. The Adobe Product Security Incident Response Team (PSIRT) has posted a blog entry indicating that they are aware of public reports of ColdFusion websites being targeted for exploitation of this vulnerability.

US-CERT encourages users and administrators to upgrade to FCKeditor version 2.6.4.1 to help mitigate the risks. ColdFusion 8 users may implement the workarounds listed in the Adobe PSIRT blog entry.

Read more at: US-CERT Current Activity