Welcome, Guest
Username: Password: Remember me
Got a Joomla problem? Post as much detail about it as you can here to see if you can get a solution.

Help others in the community - post your Joomla tips and how-tos here.

TOPIC: JCE Security Vulnerability - Update ASAP

JCE Security Vulnerability - Update ASAP 6 years 9 months ago #6855

  • robertf
  • robertf's Avatar
  • Offline
  • Junior Boarder
  • Posts: 23
  • Thank you received: 3
Hi all,

I stumbled onto a problem today with a site that I manage (pro bono). When I tried to view, edit or create an Article from the Admin backend, nothing displayed in the browser (I tried a couple of browsers with the same result).

To cut a long story short, I found the problem only affected the JCE editor - switch to Tiny MCE and all was okay. Then when I tried to backup the site prior to a restore of an earlier backup, Akeeba complained it did not have permission to back up the JCE component. I checked the file permissions through CPanel and found they were 000.

I called my ISP support (the website is in a shared hosting environment) and learnt that due to a security vulnerability with an older version of JCE and Joomla 1.5 (yes, the site needs to be upgraded, but it is pro bono!), they'd written a script to search and change permissions of older JCE files to 000 ... supposedly they'd put a post on their forum about the change, but who reads forums!?

Well, in case anyone's reading this forum, all I had to do was download the latest version of JCE, uninstall the old one from my website, and install the new one.

Hope this helps.

Regards,
Robertf ;)
The administrator has disabled public write access.
Time to create page: 0.068 seconds
Powered by Kunena Forum