A "highly critical" vulnerability of the popular Web-based FCKEditor has been reported on Secunia. It can potentially be exploited by malicious parties to compromise a vulnerable system.
The vulnerability is caused due to an error in the handling of file uploads in editor/filemanager/upload/php/upload.php when a filename has multiple file extensions. This can be exploited to upload malicious script files (e.g., a PHP script).
Successful exploitation may allow execution of script code depending on the HTTP server configuration (it requires an Apache server with the "mod_mime" module installed).
The vulnerability has been reported in version 2.4.3, though prior versions may also be affected.
The flaw has been fixed in version 2.5 beta, which you can download here.
Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.