TUCoPS :: HP Unsorted P :: b1a-1024.htm

PolyPager 1.0rc10 (fckeditor) File Upload Security Issue
PolyPager 1.0rc10 (fckeditor) File Upload Security Issue
PolyPager 1.0rc10 (fckeditor) File Upload Security Issue


PolyPager 1.0rc10 (fckeditor) Remote Arbitrary File Upload Vulnerability=0D
=0D
=0D
Impact  Security Bypass=0D
Where From remote=0D
Software PolyPager 1.0rc10=0D
=0D
Description=0D
A security issue has been discovered in PolyPager, which can be exploited by malicious people to bypass certain security restrictions.=0D
=0D
Access to the enabled FCKeditor component is not properly restricted, which can be exploited to e.g upload files of certain types.=0D
=0D
The security issue is confirmed in version 1.0rc10 Other versions may also be affected.=0D
=0D
Solution=0D
Restrict access to the plugins/fckeditor/editor/filemanager/connectors/ directory (e.g. via .htaccess)

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH