Showing results for tags 'security issue with kcfinder'.



Found 1 result

  1. Hello. We have recently come across a security issue with using the KCFinder image uploader, which was integrated into CKEditor. KCFinder was used to upload images into product descriptions when being edited in CKEditor. Essentially, the KCFinder file "browser.php" could be accessed by anyone online and allowed the uploading of files to a website. The addon has now been disabled.

     After investigating further I found this notation online re KCFinder:

     Mandatory security measure: Open "kcfinder/config.php" and make sure "disabled" is true. If it's false, ANYONE will be able to access KCFinder and upload files.

     We learned the hard way on that one. So in posting this info we hope no one else will have the same issue.

     Question: What can we use which is secure with CKEditor to allow us to upload images into our product descriptions? We are using OSCOM 2.3. Any feedback is much appreciated.