Directory Traversal Vulnerabilities in FCKeditor by eEnhanced
CVE-2009-2265

Currently unrated

Key Information:

Vendor: Fckeditor
Status: Fckeditor
Vendor: CVE Published:; 5 July 2009

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 91%

Summary

Multiple directory traversal vulnerabilities exist in FCKeditor prior to version 2.6.4.1, allowing remote attackers to exploit these weaknesses to create executable files in arbitrary directories. This is accomplished through specially crafted input targeting unspecified connector modules. The vulnerabilities have been observed in real-world attacks, particularly impacting the integrated file browser and file manager connectors, leading to potential remote code execution.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-2265
Created by 0xConstant

zaphoxx-coldfusion
Created by zaphoxx

CVE-2009-2265
Created by p1ckzi

References

http://www.vupen.com/english/advisories/2009/1825

vdb-entryx_refsource_VUPEN

http://www.ocert.org/advisories/ocert-2009-007.html

x_refsource_MISC

http://sourceforge.net/project/shownotes.php?release_id=6...

x_refsource_CONFIRM

EPSS Score

91% chance of being exploited in the next 30 days.

Timeline

🟡
Public PoC available
Mar 31, 2022
👾
Exploit known to exist
Mar 31, 2022
Vulnerability published
Jul 5, 2009
Vulnerability Reserved
Jun 29, 2009