CVE-2009-2265

EPSS 83.9%

Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.

Affected products

n/a · n/a

public PoCs found — 9

githubgithub.com/zaphoxx/zaphoxx-coldfusion★ 2 githubgithub.com/h3x0v3rl0rd/CVE-2009-2265★ 1 githubgithub.com/p1ckzi/CVE-2009-2265★ 1 githubgithub.com/0xDTC/Adobe-ColdFusion-8-RCE-CVE-2009-2265★ 1 githubgithub.com/matesz44/CVE-2009-2265★ 0 githubgithub.com/nika0x38/CVE-2009-2265★ 0 exploitdbwww.exploit-db.com/exploits/16788unverified exploitdbwww.exploit-db.com/exploits/50057unverified cve_referencepacketstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.htmlunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://isc.sans.org/diary.html?storyid=6724 http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html http://secunia.com/advisories/35833 http://secunia.com/advisories/35909 http://sourceforge.net/project/shownotes.php?release_id=695430 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html http://www.debian.org/security/2009/dsa-1836 http://www.ocert.org/advisories/ocert-2009-007.html http://www.securityfocus.com/archive/1/504721/100/0/threaded http://www.securitytracker.com/id?1022513