Vulnerability Description
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
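As an added illustration of the mitigation (not FCKeditor's own code), the following check shows how a file-browser connector can refuse traversal sequences and executable extensions before writing an uploaded file; UPLOAD_ROOT, the extension deny-list and the folder/filename parameter names are assumptions:

```python
import os
import posixpath

# Hypothetical upload root and extension deny-list, constructed for this example;
# they are not FCKeditor's real configuration values.
UPLOAD_ROOT = "/var/www/uploads"
BLOCKED_EXTENSIONS = {"php", "php3", "phtml", "asp", "aspx", "jsp", "cfm",
                      "cgi", "pl", "py", "sh", "exe"}


def resolve_upload_target(folder, filename, root=UPLOAD_ROOT):
    """Return the absolute path a connector may write to, or raise ValueError.

    `folder` plays the role of a CurrentFolder-style connector parameter and
    `filename` the user-supplied file name (both hypothetical parameter names).
    """
    if "\x00" in folder or "\x00" in filename:
        raise ValueError("NUL byte in path input")
    # The file name must be a single path component with no separators.
    if not filename or "/" in filename or "\\" in filename or filename in (".", ".."):
        raise ValueError("invalid file name")
    # Refuse an executable extension anywhere in the name, so that
    # "shell.php.jpg" is rejected as well as "shell.php".
    parts = filename.lower().split(".")
    if any(ext in BLOCKED_EXTENSIONS for ext in parts[1:]):
        raise ValueError("executable extension not allowed")
    # Reject traversal sequences in the folder before normalising it; treat
    # backslashes as separators because Windows hosts accept both.
    components = folder.replace("\\", "/").split("/")
    if ".." in components:
        raise ValueError("traversal sequence in folder")
    rel_folder = posixpath.normpath("/" + "/".join(components)).lstrip("/")
    # Resolve symlinks and confirm the final path is still inside the root.
    real_root = os.path.realpath(root)
    target = os.path.realpath(os.path.join(real_root, rel_folder, filename))
    if os.path.commonpath([real_root, target]) != real_root:
        raise ValueError("target escapes upload root")
    return target


def is_safe_upload(folder, filename, root=UPLOAD_ROOT):
    """Boolean wrapper around resolve_upload_target for logging or unit checks."""
    try:
        resolve_upload_target(folder, filename, root)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for folder, name in [("images", "photo.jpg"), ("../..", "cmd.php"),
                         ("images", "shell.php.jpg"), ("img\\..\\..", "x.txt")]:
        print(folder, name, "->", is_safe_upload(folder, name))
```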
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fckeditor | Fckeditor | <= 2.6.4 |
Related Weaknesses (CWE)
References
- http://isc.sans.org/diary.html?storyid=6724
- http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html
- http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Ex
- http://secunia.com/advisories/35833
- http://secunia.com/advisories/35909
- http://sourceforge.net/project/shownotes.php?release_id=695430
- http://www.debian.org/security/2009/dsa-1836
- http://www.ocert.org/advisories/ocert-2009-007.html (Patch)
- http://www.securityfocus.com/archive/1/504721/100/0/threaded
- http://www.securitytracker.com/id?1022513
- http://www.vupen.com/english/advisories/2009/1813
- http://www.vupen.com/english/advisories/2009/1825
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html
FAQ
What is CVE-2009-2265?
CVE-2009-2265 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to un...
How severe is CVE-2009-2265?
CVE-2009-2265 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-2265?
Check the references section above for vendor advisories and patch information. Affected products include: Fckeditor Fckeditor.