close ad
WARNING: Do Not Install the DREAMWEAVER CC 2017 or 2018 Update »
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

fckeditor.js

Thread began 4/29/2015 7:57 am by neilo | Last modified 4/30/2015 9:47 pm by Ray Borduin | 805 views | 7 replies |

neilo

fckeditor.js

From Hosting Providers:

"We have detected that you have a vulnerable version of the 'Fckeditor' script in your webspace. This version is vulnerable to attack by third-parties and will allow them to install their own code in your webspace. This will cause your content to be damaged, allow them to infect the computers of visitors to your website, and in extreme circumstances allow the server itself to be compromised.

This is the file that was detected, this should help you find the script location (it might be part of another plugin or script):

../cms/HTMLEditor/fckeditor.js

This is a *very* serious vulnerability and needs to be dealt with as soon as possible. Inaction may result in your site being taken offline unless we hear from you. "


Advice needed please. [Easy if possible]

I attach copy of the fckeditor.js script

Sign in to reply to this post

Ray BorduinWebAssist

Upgrade to CKeditor from the latest version of DataBridge and delete the old CKeditor folder entirely. We moved to CKeditor many years ago and it shouldn't have the same vulnerabilities the old version did.

Sign in to reply to this post

neilo

Databridge Folder to PCMS

How to extract new folder (from Databridge) in order to replace old PCMS folder? Which PCMS folder? See attached PCMS folder tree. Do I rename old folder/files? Need step by step.

Sign in to reply to this post

Ray BorduinWebAssist

Is this an old powerCMS v1 site? Or is this just a site you created using HTMLEditor? The easiest solution is probably to delete the entire HTMLEditor folder and then replace the editors on the pages where they are used.

Sign in to reply to this post

neilo

It's an old PowerCMS v1 or v2 install, so the HTML Editor instances are part of that? So they would all be in cms/admin/contents_update.php?

Sign in to reply to this post

neilo

Yes?

Please - hosting servers to close/delete site imminently.

Sign in to reply to this post

Ray BorduinWebAssist

Yes... delete the old CKeditor folder immediately and the security hole will be closed.

Then you will go to the contents_update.php page to add the newer CKeditor and you should be good to go.

Another option if you have Design Extender is to (save a backup first) delete the entire admin for the cms and the connection for it and then have Design Extender upgrade the entire back end to the newest version.

Sign in to reply to this post

neilo

Huge thanks, Ray.

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...