FCKeditor, a web based open source HTML text editor, suffers from a remote file upload vulnerability. The input of several connector modules is not properly verified before being used, this leads to exposure of the contents of arbitrary directories on the server filesystem and allows file uploading to arbitrary locations. The affected code is remotely exposed before authentication. An attacker can exploit this vulnerability to install remote shells on the victim server among other things, it should be noted that this vulnerability is being actively exploited in the wild. Versions 2.6.4 and below are affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/78931/oCERT-2009-007.txt
Source: https://packetstormsecurity.com/files/78931/Open-Source-CERT-Security-Advisory-2009.7.html