galaxian

Profile Information

  • Real Name
    Greg Anderson
  1. galaxian

    Security issue with KCFinder

    Thank you for the feedback. Yes that is a solution but just adds a bit more time to the process. I was hoping there may be a secure solution out there.
  2. Hello,

    We have recently come across a security issue with using KCFinder image uploader which was integrated to CKEditor. The KCFinder was used to upload images into product descriptions when being edited in CKEditor. Essentially the KCFinder file "browser.php" could be accessed by anyone online and allowed the uploading of files to a website. The addon has now been disabled.

    After investigating further I found this notation online re KCFinder. Mandatory security measure: Open "kcfinder/config.php" and make sure "disabled" is true. If it's false, ANYONE will be able to access KCFinder and upload files. We learned the hard way on that one. So in posting this info we hope no one else will have the same issue.

    Question: What can we use which is secure with CKEditor to allow us to upload images into our product descriptions? We are using OSCOM 2.3.

    Any feedback is much appreciated.
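
One way to check a web root for the setting described in the post above, as an added example that is not part of the original posts or of KCFinder itself. It assumes the setting is stored in `kcfinder/config.php` as a PHP array entry of the form `'disabled' => true,`; the `shop_a`/`shop_b` paths and both config bodies are constructed sample data.

```python
import os
import re
import tempfile

# Assumed layout: a PHP array entry such as  'disabled' => false,
DISABLED_RE = re.compile(r"""['"]disabled['"]\s*=>\s*([A-Za-z0-9_]+)""")
# PHP comments: /* ... */, // ..., # ...  (naive: string literals are not parsed)
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)

def kcfinder_state(php_source):
    """Classify one config.php body as 'disabled', 'EXPOSED' or 'unknown'."""
    code = COMMENT_RE.sub("", php_source)   # ignore commented-out settings
    m = DISABLED_RE.search(code)
    if not m:
        return "unknown"                    # key missing or set by an expression
    value = m.group(1).lower()
    if value in ("true", "1"):
        return "disabled"
    if value in ("false", "0"):
        return "EXPOSED"
    return "unknown"

def audit(webroot):
    """Map each kcfinder/config.php under webroot to its state."""
    results = {}
    for dirpath, _dirs, files in os.walk(webroot):
        if os.path.basename(dirpath).lower() == "kcfinder" and "config.php" in files:
            path = os.path.join(dirpath, "config.php")
            with open(path, encoding="utf-8", errors="replace") as fh:
                results[os.path.relpath(path, webroot)] = kcfinder_state(fh.read())
    return results

def demo():
    """Build two constructed installs in a temp dir and audit them."""
    safe = "<?php\n$_CONFIG = array(\n    'disabled' => true,\n);\n"
    risky = ("<?php\n$_CONFIG = array(\n    // 'disabled' => true,\n"
             "    'disabled' => false, // testing\n);\n")
    with tempfile.TemporaryDirectory() as root:
        for shop, body in (("shop_a", safe), ("shop_b", risky)):
            d = os.path.join(root, shop, "ext", "kcfinder")  # hypothetical path
            os.makedirs(d)
            with open(os.path.join(d, "config.php"), "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit(root)

if __name__ == "__main__":
    for path, state in sorted(demo().items()):
        print(f"{state:9} {path}")
```

Any path reported as `EXPOSED` or `unknown` needs a manual look at the file before the uploader is left reachable.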