Vulnerabilities when using third-party CMS plugins
One such plugin is FCKeditor. FCKeditor contains functionality to handle file uploads and file management, and a remote attacker could use this functionality to upload malicious executable files to the system. Applications using FCKeditor (prior to v220.127.116.11 and some newer versions) are vulnerable: they can be used to upload malicious files (webshells and other backdoor shells), which could exploit client applications and corrupt or modify the website's files while also affecting other client applications on the same server.

CMS applications using KindEditor (v4.1.5, v4.1.6 or some other versions) are also vulnerable and can be used for remote file upload, putting the website's files and the server as a whole at risk.

We would therefore like all our clients to make sure that they upgrade CMS plugins such as FCKeditor or CKEditor to their latest versions.
Utiware Web Hosting
Saturday, July 4, 2015
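
An added example, not part of the original advisory or of either editor project: a Python sweep a hosting administrator could run over a web root to list directories named after the editors mentioned above and to flag server-executable script files sitting under upload directories. The upload directory name "uploads", the extension list and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Editor names taken from the advisory; matched case-insensitively against directory names.
EDITOR_NAMES = ("fckeditor", "kindeditor")
# Assumption: extensions a typical shared host may execute server-side.
SCRIPT_EXTS = {".php", ".phtml", ".asp", ".aspx", ".jsp", ".cgi", ".pl"}


def audit_web_root(web_root, upload_dir_names=("uploads",)):
    """Return (editor_dirs, suspect_files) found under web_root, both sorted."""
    upload_names = {n.lower() for n in upload_dir_names}
    editor_dirs, suspect_files = [], []
    for current, dirs, files in os.walk(web_root):
        for d in dirs:
            if any(name in d.lower() for name in EDITOR_NAMES):
                editor_dirs.append(os.path.join(current, d))
        # Only look for scripts below a directory that is meant to hold uploads.
        rel_parts = os.path.relpath(current, web_root).lower().split(os.sep)
        if upload_names.intersection(rel_parts):
            for f in files:
                # Check every dotted segment so "doc.php.jpg" is flagged too.
                segments = {"." + s for s in f.lower().split(".")[1:]}
                if segments & SCRIPT_EXTS:
                    suspect_files.append(os.path.join(current, f))
    return sorted(editor_dirs), sorted(suspect_files)


def build_sample_tree(root):
    """Create a constructed sample layout (not taken from any real site)."""
    files = [
        "site1/admin/FCKeditor/readme.txt",
        "site1/uploads/image/logo.png",
        "site1/uploads/image/x.php",       # script inside an upload directory
        "site2/js/kindeditor/kindeditor.js",
        "site2/uploads/doc.PHP.jpg",       # double extension, mixed case
        "site2/index.php",                 # normal application file, not flagged
    ]
    for rel in files:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for label, paths in zip(("editor install", "script in upload dir"), audit_web_root(tmp)):
            for p in paths:
                print(f"{label}: {os.path.relpath(p, tmp)}")
```

Each editor directory it reports is a candidate for the upgrade requested above; a flagged script file needs manual review, since some applications legitimately keep scripts near their upload folders.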