The 2.5 version of FCKeditor (indeed every version prior to 2.6.4.1) was found to have a serious vulnerability. The FCKeditor fix in 2.6.4.1 still leaves the vulnerable page exposed, though hopefully protected - I'd prefer not to comment on that.
The new version of the Zen Cart mod, bundles the 2.6.4.1 versions and adds an extra layer of protection. Unfortunately, as you have discovered, it relies on information that IE appears not to provide.
You can get around this by deleting the .htaccess file in editors/fckeditor/editor/filemanager/browser/default, though this may leave you exposed again.
Better would be to turn off the upload image feature and use FTP to put transfer them to your site for when you need them.


Reply With Quote
