File Upload Vulnerability in FCKEditor

The PHP file upload module in FCKEditor allows developers to offer file upload functionality to end users. This paper describes a vulnerability which allows attackers to bypass file-type checks in this module and upload malicious PHP code into the web servers.