CVE-2009-2265

Currently unrated

Key Information:

Vendor
Fckeditor
Status
Fckeditor
Vendor
CVE Published:
5 July 2009

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 97%

Summary

Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-2265
Created by 0xConstant

zaphoxx-coldfusion
Created by zaphoxx

CVE-2009-2265
Created by p1ckzi

References

http://www.vupen.com/english/advisories/2009/1825
vdb-entryx_refsource_VUPEN
http://www.ocert.org/advisories/ocert-2009-007.html
x_refsource_MISC
http://sourceforge.net/project/shownotes.php?release_id=6...
x_refsource_CONFIRM

EPSS Score

97% chance of being exploited in the next 30 days.

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.