Highly critical FCKEditor vulnerability reported

A "highly critical" vulnerability of the popular Web-based FCKEditor has been reported on Secunia. It can potentially be exploited by malicious parties to compromise a vulnerable system.

Excerpt from the advisory:

The vulnerability is caused due to an error in the handling of file uploads in editor/filemanager/upload/php/upload.php when a filename has multiple file extensions. This can be exploited to upload malicious script files (e.g., a PHP script).

Successful exploitation may allow execution of script code depending on the HTTP server configuration (it requires an Apache server with the "mod_mime" module installed).

The vulnerability has been reported in version 2.4.3, though prior versions may also be affected.

The flaw has been fixed in version 2.5 beta, which you can download here.
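
The multiple-extension problem described in the advisory, as an added example that is not FCKeditor's code or its 2.5 fix: a check that looks only at the last extension, next to one that tests every dot-separated segment, since Apache's mod_mime considers each extension in a filename. The allowlist, function names and sample filenames are assumptions made for illustration.

```php
<?php
// Added illustration; not taken from FCKeditor. Allowlist and names are assumed.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

// Weak pattern: pathinfo() returns only the text after the LAST dot, so a
// name with several extensions is judged by its final segment alone.
function last_extension_allowed(string $clientName): bool
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXTENSIONS, true);
}

// Hardened pattern: every segment after the first dot must be allowlisted,
// and the stored name is generated server-side with a single extension.
// Returns the name to store, or null when the upload must be rejected.
function safe_upload_name(string $clientName): ?string
{
    // Discard any directory part supplied by the client.
    $base = basename(str_replace('\\', '/', $clientName));
    // Reject empty names and names containing control characters or NUL.
    if ($base === '' || preg_match('/[\x00-\x1f\x7f]/', $base)) {
        return null;
    }
    $parts = explode('.', $base);
    // Require a non-empty stem plus at least one extension; this also
    // rejects dot-files such as .htaccess.
    if (count($parts) < 2 || $parts[0] === '') {
        return null;
    }
    array_shift($parts);                 // $parts now holds only extensions
    foreach ($parts as $ext) {
        // Strict by design: "photo.v2.jpg" is rejected as well.
        if (!in_array(strtolower($ext), ALLOWED_EXTENSIONS, true)) {
            return null;
        }
    }
    return bin2hex(random_bytes(16)) . '.' . strtolower(end($parts));
}

// Constructed sample filenames, compared under both checks.
foreach (['photo.jpg', 'sample.php.txt', 'photo.v2.jpg', '.htaccess'] as $name) {
    printf("%-16s last-ext-only: %-6s hardened: %s\n",
        $name,
        last_extension_allowed($name) ? 'accept' : 'reject',
        safe_upload_name($name) ?? 'reject');
}
```

Keeping the upload directory outside the web root, or disabling script handlers for it in the server configuration, removes the dependency on filename checks altogether.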