The Joomla! Forum ™

Download

Demo


Board index » Joomla! Older Version Support » Joomla! 1.0 » Security - 1.0.x » 3rd Party/Non Joomla! Security Issues



Post new topic Reply to topic  Page 1 of 1
  [ 1 post ] 
  Print view Previous topic | Next topic 
Author Message
smart
PostPosted: Fri Aug 11, 2006 9:31 am 
User avatar
Joomla! Intern
Joomla! Intern
Offline

Joined: Thu Aug 18, 2005 1:33 pm
Posts: 95
Location: Sebastopol
JoomlaFCK has critical vulnerability which allows non authorized users upload .htaccess files to server.

Solution: in file /mambots/editors/fckeditor/editor/filemanager/upload/php/config.php

change line:
Code:
$Config['DeniedExtensions']['files']    = array('php','php2','php3','php4','php5','phtml','pwml','inc','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','com','dll','vbs','js','reg','cgi');


to
Code:
$Config['DeniedExtensions']['files']    = array('php','php2','php3','php4','php5','phtml','pwml','inc','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','com','dll','vbs','js','reg','cgi', 'htaccess');

_________________
Joomlaportal.ru News, articles and tutorials
Joomlaforum.ru Russian Joomla Support Forum
Member of the Russian Joomla Translation Team


Last edited by smart on Fri Aug 11, 2006 9:36 am, edited 1 time in total.

Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 1 post ] 


Board index » Joomla! Older Version Support » Joomla! 1.0 » Security - 1.0.x » 3rd Party/Non Joomla! Security Issues

Who is online

Users browsing this forum: No registered users and 1 guest

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group