1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: FCKeditor CVE-2009-2265

Web Attack: FCKeditor CVE-2009-2265

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects attempts to exploit an arbitrary file upload vulnerability in FCKeditor.

Additional Information

FCKeditor is an online text/DHTML editor; it is implemented in PHP.

FCKeditor is prone to a vulnerability that lets attackers upload arbitrary files it fails to adequately sanitize user-supplied input.

This issue affects the 'CurrentFolder' parameter of the 'editor/filemanager/browser/default/connectors/php/connector.php' script when it handles specially crafted files. Specifically, the script allows files to be uploaded to arbitrary directories. Additional, unspecified connector scripts are also affected.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.


  • Versions prior to FCKeditor are vulnerable.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube