FCKeditor is bundled with seems-like everything (ColdFusion, Drupal plugins, WordPress plugins, other random CMSs) and has probably been responsible for countless hacks via file upload issues.
Examples:
<a href="http://www.exploit-db.com/exploits/12697/">http://www.exploit-db.com/exploits/12697/</a>
<a href="http://www.exploit-db.com/exploits/15484/">http://www.exploit-db.com/exploits/15484/</a>
<a href="http://www.exploit-db.com/exploits/17644/">http://www.exploit-db.com/exploits/17644/</a>
<a href="http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=FCKeditor&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=">Big O'l list on Exploit-DB</a>
LOW?
Actually most FCKeditors checks in Nessus I found were either Medium or High (hence honorable mention and not in the talk).
<a href="http://1.bp.blogspot.com/-80Scuzz_jYk/T5QsNKaxWuI/AAAAAAAAAy4/aP361mluDHg/s1600/fckeditor-blog1-nessus.PNG"></a>
<a href="http://2.bp.blogspot.com/-JLIVCukrUc4/T5QsakDPm8I/AAAAAAAAAzA/EXgBfRqyyR8/s1600/fckeditor-blog2-nessus.PNG"></a>
There is a good write-up of a classic case of FCKEditor abuse here:
<a href="http://secureyes.net/nw/assets/File-Upload-Vulnerability-in-FCKEditor.pdf">http://secureyes.net/nw/assets/File-Upload-Vulnerability-in-FCKEditor.pdf</a>
Google Dorks
inurl:/editor/filemanager/browser/default/connectors/[LANGUAGE]/connector.php
![binding.filter(filter) will trigger OData request to backend[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)