I've stumbled upon a security problem that allows you to upload and overwrite files in the portal root without being logged into the website. It also allows you to view all the portal root files and view all the pages displayed in the Page Link view.
Versions 2.0.7 and 2.0.8 have the problem, but I haven't tested with older versions. I've checked multiple websites that I know are using ckeditor and I was able to reproduce the problem on all of them.
Until this problem has been resolved, I recommend removing the write permissions on the default.css and portal.css files because at the moment, anyone can upload images to your site and display them by overwriting your css files.
Please contact me so we can discuss the details of this problem privately.
Versions 2.0.7 and 2.0.8 have the problem, but I haven't tested with older versions. I've checked multiple websites that I know are using ckeditor and I was able to reproduce the problem on all of them.
Until this problem has been resolved, I recommend removing the write permissions on the default.css and portal.css files because at the moment, anyone can upload images to your site and display them by overwriting your css files.
Please contact me so we can discuss the details of this problem privately.