id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
2676	FCKeditor 2.6.3 Directory Traversal	Christian Foronda		"You may upload files and create folders without logging in to the admin page. The bug can be exploited by uploading arbitrary script files (e.g. a backdoor to the system) and executing them.

The files and folders that are created via this bug have the permission of ""777"".

example:
http://yoursite.com/mambots/editors/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=../../connectors/php/connector.php

Tested in:[[BR]]
CentOS-5.2[[BR]]
httpd-2.2.3[[BR]]
php-5.1.6[[BR]]
mysql-5.0.45[[BR]]
Joomla-1.0.15

Tried to install the nightly build but I guess it's for Joomla 1.5?"	Bug	closed	Must have (possibly next milestone)		File Browser	FCKeditor 2.6.3	invalid		
