Opened 12 years ago

Closed 12 years ago

#1657 closed Bug (invalid)

security issue

Reported by: Ireneusz Sawicki
Owned by:
Priority: Normal
Milestone:
Component: File Browser
Version: FCKeditor 2.5
Keywords:
Cc:

Description

I don't know exactly how to name it, either a feature or a bug ;-), but typing 'http://(websitehost)/fckeditor/editor/filemanager/browser/default/browser.html' in the browser URL input enables any user to browse/upload files on the server in the catalogues specified in the config file, without any authentication.

Change History (1)

comment:1 Changed 12 years ago by Alfonso Martínez de Lizarrondo

Priority: High → Normal
Resolution: invalid
Status: new → closed

The config file states that you must be sure that only authenticated users are able to access that file or that you must use some session validation. By default, all the connectors are disabled and you choose how to enable them.
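The session validation mentioned in the comment above, sketched for the PHP connector's config file as an added example (it is not part of the ticket or FCKeditor's own code). It assumes the host application's login code stores a user id and an upload permission in the session; the keys `cms_user_id` and `cms_can_upload` and the function `connector_enabled_for` are hypothetical names.

```php
<?php
// Added example for the FCKeditor PHP connector configuration.
// Assumption: after a successful login the host application sets
// $_SESSION['cms_user_id'] (int) and $_SESSION['cms_can_upload'] (bool).
// Both key names are hypothetical; use whatever your login code sets.

global $Config;

/**
 * Decide whether the file browser connector may serve this request.
 * Fails closed: a missing key, a wrong type or a false flag disables it.
 */
function connector_enabled_for(array $session): bool
{
    return isset($session['cms_user_id'], $session['cms_can_upload'])
        && is_int($session['cms_user_id'])
        && $session['cms_can_upload'] === true;
}

// Join the application's existing session. If the application uses a
// custom session name, call session_name() with the same value first,
// otherwise this script sees an empty session and stays disabled.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// Weak setting: every visitor who can reach the connector URL can
// browse and upload, which is the situation the ticket describes.
// $Config['Enabled'] = true;

// Corrected setting: enabled per request, only for an authenticated
// user who has been granted upload rights.
$Config['Enabled'] = connector_enabled_for($_SESSION);
```

With this in place the connector stays disabled for requests that carry no authenticated session; access to the editor directory can additionally be restricted at the web server.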
