mike watkins dot ca : Entries tagged with “Security”

Entries tagged with “Security”

July 04 2009

Exploits Away

ColdFusion and some PHP sites have been hit hard over the last 24 hours by what appear to be Chinese cyber-criminals using an exploit found within the popular browser-based editor component FCKeditor. The vulnerability allows remote code execution, uploading of files to arbitrary locations, and installation of remote shells, and it would appear that many sites are being attacked.

Versions up to and including the current shipping version (FCKeditor <= 2.6.4) are vulnerable. A patch does not yet exist; in the meantime, disabling the file browser is one of the mitigation steps.

A number of Python projects utilize this editor component.

oCERT Advisory: http://www.ocert.org/advisories/ocert-2009-007.html