PolyPager 1.0rc10 (fckeditor) Remote Arbitrary File Upload Vulnerability


Impact: Security Bypass
Where: From remote
Software: PolyPager 1.0rc10

Description
A security issue has been discovered in PolyPager, which can be exploited by malicious people to bypass certain security restrictions.

Access to the enabled FCKeditor component is not properly restricted, which can be exploited to, e.g., upload files of certain types.

The security issue is confirmed in version 1.0rc10. Other versions may also be affected.

Solution
Restrict access to the plugins/fckeditor/editor/filemanager/connectors/ directory (e.g. via .htaccess)
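
One way to apply this restriction on Apache is shown below. It is an added example, not configuration shipped with PolyPager. It assumes the server honours .htaccess files in this directory (AllowOverride AuthConfig on Apache 2.4, AllowOverride Limit on Apache 2.2), and 192.0.2.10 is a placeholder for an administrator address.

```apache
# File: plugins/fckeditor/editor/filemanager/connectors/.htaccess
# Added example. 192.0.2.10 is a placeholder (documentation range);
# replace it with the address editors connect from.

# Apache 2.4 and later (mod_authz_core): only the listed address may
# reach the connector scripts; every other client receives 403.
<IfModule mod_authz_core.c>
    Require ip 192.0.2.10
    # To block the connectors for everyone instead, use:
    # Require all denied
</IfModule>

# Apache 2.2 (no mod_authz_core): legacy host-based access control.
# With "Order deny,allow" the Deny rule is evaluated first and the
# Allow rule then re-admits the single listed address.
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 192.0.2.10
</IfModule>
```

After deploying the file, request a path under the connectors directory from an address that is not on the allow list and confirm the server answers 403; a 200 response means the .htaccess file is being ignored and AllowOverride needs adjusting in the server configuration.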