An attacker can exploit this vulnerability to install remote shells on the victim server among other things, it should be noted that this vulnerability is being actively exploited in the wild.
Additionally several XSS vulnerabilities are present in the packaged samples directory.
'fckeditor/editor/images/...') are well known target locations for remote php shells with extensions that match image files * completely remove the '_samples' directory Affected version: FCKeditor .
i'm using the fckeditor as the rich text box control.
The input of several connector modules is not properly verified before being used, this leads to exposure of the contents of arbitrary directories on the server filesystem and allows file uploading to arbitrary locations.
This earns you a point and marks your thread as Resolved so we will all know you have been helped.
Then, the requiredfieldvalidator indicates that the field is still empty. Due to a limitation in the default validation system, you must set it to "false". Here's some (rather verbose) code I use to do server side validation.
If you want to do client side validation, you must use a Custom Validator instead and provide the appropriate validation function, using the FCKeditor Java Script API." So the simple solution is: Disable client side validation for the control. But when page is posted back and I make the all empty. The example is for an update - when the input is invalid the details view re-opens with all the form fields populated with whatever was there when the form was submitted.
this is my code: Hi to everybody, I have a problem validating a textarea generated by fckeditor with PHP.
When i use Required Field Validator for Validation FCKEditor , The first time that the form gonna submit , Required Field Validator prompt (Error Message) and indicate that FCKEditor is empty , while it isn't .