Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

› WebAssist Forums › Design Extender › PowerCMS Builder › fckeditor.js

fckeditor.js

Thread began 4/29/2015 4:57 am by neilo | Last modified 4/30/2015 6:47 pm by Ray Borduin | 2138 views | 7 replies |

4/29/2015 4:57 am | #1 neilo

fckeditor.js

From Hosting Providers:

"We have detected that you have a vulnerable version of the 'Fckeditor' script in your webspace. This version is vulnerable to attack by third-parties and will allow them to install their own code in your webspace. This will cause your content to be damaged, allow them to infect the computers of visitors to your website, and in extreme circumstances allow the server itself to be compromised.

This is the file that was detected, this should help you find the script location (it might be part of another plugin or script):

../cms/HTMLEditor/fckeditor.js

This is a *very* serious vulnerability and needs to be dealt with as soon as possible. Inaction may result in your site being taken offline unless we hear from you. "

Advice needed please. [Easy if possible]

I attach copy of the fckeditor.js script

4/29/2015 10:11 am | #2 Ray BorduinWebAssist

Upgrade to CKeditor from the latest version of DataBridge and delete the old CKeditor folder entirely. We moved to CKeditor many years ago and it shouldn't have the same vulnerabilities the old version did.

Did this help? Tips are appreciated...

4/29/2015 11:41 am | #3 neilo

Databridge Folder to PCMS

How to extract new folder (from Databridge) in order to replace old PCMS folder? Which PCMS folder? See attached PCMS folder tree. Do I rename old folder/files? Need step by step.

4/29/2015 11:59 am | #4 Ray BorduinWebAssist

Is this an old powerCMS v1 site? Or is this just a site you created using HTMLEditor? The easiest solution is probably to delete the entire HTMLEditor folder and then replace the editors on the pages where they are used.

Did this help? Tips are appreciated...

4/29/2015 12:48 pm | #5 neilo

It's an old PowerCMS v1 or v2 install, so the HTML Editor instances are part of that? So they would all be in cms/admin/contents_update.php?

4/29/2015 2:35 pm | #6 neilo

Yes?

Please - hosting servers to close/delete site imminently.

4/30/2015 3:37 pm | #7 Ray BorduinWebAssist

Yes... delete the old CKeditor folder immediately and the security hole will be closed.

Then you will go to the contents_update.php page to add the newer CKeditor and you should be good to go.

Another option if you have Design Extender is to (save a backup first) delete the entire admin for the cms and the connection for it and then have Design Extender upgrade the entire back end to the newest version.

Did this help? Tips are appreciated...

4/30/2015 5:07 pm | #8 neilo

Huge thanks, Ray.

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now. Build a store, a gallery, or a web-based email solution.