All Products
Document Center

[Vulnerability notice] File upload vulnerability in FCKeditor

Last Updated: Nov 14, 2017


FCKeditor is an open source rich text editor designed to bring common word processor features directly to web pages, simplifying their content creation. Its core code is written in JavaScript.

Earlier versions of FCKeditor do not impose strict filtering policy and can be exploited by hackers to upload webshell.


FCKeditor has been upgraded to CKEditor. Follow the official guidelines to upgrade the editor to the latest version.

Note: To avoid data loss, make a backup before upgrading, or create a hard disk snapshot for ECS.