edit-icon download-icon

[Vulnerability notice] File upload vulnerability in CKFinder

Last Updated: May 07, 2018

Description

CKFinder is a popular Web-browser-based Ajax file manager. However, the earlier versions of CKFinder do not have a complete security filtering feature, that allows hackers to upload Webshell files.

Fix

Upgrade CKFinder to the latest version from the CKFinder official website.

Note: To avoid data loss, make a backup before upgrading, or create a snapshot for your ECS.

Thank you! We've received your feedback.