CVE-2009-2265

Currently unrated 🤨

Key Information

Vendor
Fckeditor
Status
Fckeditor
Vendor
CVE Published:
5 July 2009

Badges

👾 Exploit Exists🔴 Public PoC🟣 EPSS 97%

Summary

Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-2265
Created by 0xConstant

zaphoxx-coldfusion
Created by zaphoxx

CVE-2009-2265
Created by p1ckzi

Refferences

http://www.vupen.com/english/advisories/2009/1825
vdb-entryx_refsource_VUPEN
http://www.ocert.org/advisories/ocert-2009-007.html
x_refsource_MISC
http://sourceforge.net/project/shownotes.php?release_id=6...
x_refsource_CONFIRM
http://secunia.com/advisories/35909
third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2009/dsa-1836
vendor-advisoryx_refsource_DEBIAN
https://www.redhat.com/archives/fedora-package-announce/2...
vendor-advisoryx_refsource_FEDORA
http://secunia.com/advisories/35833
third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/1813
vdb-entryx_refsource_VUPEN
http://mail.zope.org/pipermail/zope-dev/2009-July/037195....
mailing-listx_refsource_MLIST
http://www.securitytracker.com/id?1022513
vdb-entryx_refsource_SECTRACK
http://isc.sans.org/diary.html?storyid=6724
x_refsource_MISC
http://www.securityfocus.com/archive/1/504721/100/0/threaded
mailing-listx_refsource_BUGTRAQ
https://www.redhat.com/archives/fedora-package-announce/2...
vendor-advisoryx_refsource_FEDORA
http://packetstormsecurity.com/files/163271/Adobe-ColdFus...
x_refsource_MISC

EPSS Score

97% chance of being exploited in the next 30 days.

Timeline

  • 🔴

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database4 Proof of Concept(s)
.