Showing results for tags 'security issue with kcfinder'.





Found 1 result

  1. Hello,

     We have recently come across a security issue with using the KCFinder image uploader, which was integrated into CKEditor. KCFinder was used to upload images into product descriptions when being edited in CKEditor. Essentially, the KCFinder file "browser.php" could be accessed by anyone online and allowed the uploading of files to a website. The addon has now been disabled.

     After investigating further, I found this notation online re KCFinder:

     Mandatory security measure: Open "kcfinder/config.php" and make sure "disabled" is true. If it's false, ANYONE will be able to access KCFinder and upload files. We learned the hard way on that one.

     So in posting this info, we hope no one else will have the same issue.

     Question: What can we use which is secure with CKEditor to allow us to upload images into our product descriptions? We are using OSCOM 2.3.

     Any feedback is much appreciated.