CVE-2009-2265
Adobe ColdFusion 8 - Remote Command Execution (RCE)
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
5
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
Múltiples vulnerabilidades de salto de directorio en FCKeditor anterior a v2.6.4.1, permiten a atacantes remotos crear ficheros ejecutables en directorios de su elección a través de secuencias de salto de directorio en la entrada de módulos conectores no especificados, tal como se ha explotado en Julio 2009. Está relacionado con el fichero de navegación y el directorio editor/filemanager/connectors/.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-06-29 CVE Reserved
- 2009-07-05 CVE Published
- 2010-11-24 First Exploit
- 2024-08-07 CVE Updated
- 2024-08-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (19)
| URL | Tag | Source |
|---|---|---|
| http://isc.sans.org/diary.html?storyid=6724 | X_refsource_misc | |
| http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html | Mailing List | |
| http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html | X_refsource_misc |
|
| http://secunia.com/advisories/35833 | Third Party Advisory | |
| http://secunia.com/advisories/35909 | Third Party Advisory | |
| http://sourceforge.net/project/shownotes.php?release_id=695430 | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/504721/100/0/threaded | Mailing List | |
| http://www.securitytracker.com/id?1022513 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2009/1813 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2009/1825 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/50057 | 2021-06-24 | |
| https://www.exploit-db.com/exploits/16788 | 2010-11-24 | |
| https://github.com/0xConstant/CVE-2009-2265 | 2022-04-14 | |
| https://github.com/p1ckzi/CVE-2009-2265 | 2022-06-30 | |
| https://github.com/N3rdyN3xus/CVE-2009-2265 | 2021-07-15 |
| URL | Date | SRC |
|---|---|---|
| http://www.ocert.org/advisories/ocert-2009-007.html | 2021-06-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | <= 2.6.4 Search vendor "Fckeditor" for product "Fckeditor" and version " <= 2.6.4" | - |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.0 Search vendor "Fckeditor" for product "Fckeditor" and version "2.0" | - |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.0_fc Search vendor "Fckeditor" for product "Fckeditor" and version "2.0_fc" | - |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.0_rc2 Search vendor "Fckeditor" for product "Fckeditor" and version "2.0_rc2" | - |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.0rc2 Search vendor "Fckeditor" for product "Fckeditor" and version "2.0rc2" | - |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.0rc3 Search vendor "Fckeditor" for product "Fckeditor" and version "2.0rc3" | - |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.1 Search vendor "Fckeditor" for product "Fckeditor" and version "2.1" | - |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.1.1 Search vendor "Fckeditor" for product "Fckeditor" and version "2.1.1" | - |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.2 Search vendor "Fckeditor" for product "Fckeditor" and version "2.2" | - |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.3 Search vendor "Fckeditor" for product "Fckeditor" and version "2.3" | - |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.3 Search vendor "Fckeditor" for product "Fckeditor" and version "2.3" | beta |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.3.1 Search vendor "Fckeditor" for product "Fckeditor" and version "2.3.1" | - |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.3.2 Search vendor "Fckeditor" for product "Fckeditor" and version "2.3.2" | - |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.3.3 Search vendor "Fckeditor" for product "Fckeditor" and version "2.3.3" | - |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.4 Search vendor "Fckeditor" for product "Fckeditor" and version "2.4" | - |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.4.1 Search vendor "Fckeditor" for product "Fckeditor" and version "2.4.1" | - |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.4.2 Search vendor "Fckeditor" for product "Fckeditor" and version "2.4.2" | - |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.4.3 Search vendor "Fckeditor" for product "Fckeditor" and version "2.4.3" | - |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.5 Search vendor "Fckeditor" for product "Fckeditor" and version "2.5" | - |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.5 Search vendor "Fckeditor" for product "Fckeditor" and version "2.5" | beta |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.5.1 Search vendor "Fckeditor" for product "Fckeditor" and version "2.5.1" | - |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.6 Search vendor "Fckeditor" for product "Fckeditor" and version "2.6" | - |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.6.1 Search vendor "Fckeditor" for product "Fckeditor" and version "2.6.1" | - |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.6.2 Search vendor "Fckeditor" for product "Fckeditor" and version "2.6.2" | - |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.6.3 Search vendor "Fckeditor" for product "Fckeditor" and version "2.6.3" | - |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.6.3 Search vendor "Fckeditor" for product "Fckeditor" and version "2.6.3" | beta |
Affected
| ||||||
| Fckeditor Search vendor "Fckeditor" | Fckeditor Search vendor "Fckeditor" for product "Fckeditor" | 2.6.4 Search vendor "Fckeditor" for product "Fckeditor" and version "2.6.4" | beta |
Affected
| ||||||