When upgrading, the recommendation is to remove all the old files first - exactly for cases like this, where the file was removed from newer versions.
In 1.5.0, there's an upload script (within FCKeditor) in a different location. So I guess in theory this should also work on 1.5.0 if you changed the URL.
I say in theory because I couldn't get it to work, neither with 1.4.1 nor 1.5.0.
For the moment, though, it probably can't hurt to disable the upload in FCKeditor entirely - or remove the public "fckeditor" directory.
On 1.4.1, edit public_html/fckeditor/editor/filemanager/upload/php/config.php
On 1.5.0, edit public_html/fckeditor/editor/filemanager/connectors/php/config.php
In both cases, find the line that reads
Text Formatted Code
$Config['Enabled'] = true ;
and change it to read
Text Formatted Code
$Config['Enabled'] = false;
Note: Since this exploit does try to access FCKeditor directly, it won't matter if you have the "Advanced Editor" enabled in Geeklog or not. Do the above in any case.
We're still looking into the issue and let you know when we find anything.
Anyone wanting to provide more information, please do so at our
security contact address. Thanks.
bye, Dirk