ColdFusion security flaw: ColdFusion 8 input sanitization issue

 

/CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm/upload.cfm

CVE number: CVE-2009-2265

SUMMARY: A vulnerability in FCKEditor, which is included as part of ColdFusion 8, could allow a remote attacker to upload files in arbitrary directories which could lead to a system compromise. This issue is remotely exploitable. There are reports that this issue is being exploited in the wild.
Hotfix
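
Because the issue is reported as exploited in the wild, web access logs are worth checking for requests to the connector path above. The following is an added example, not part of the original post or of Adobe's hotfix: it assumes Apache/NCSA-style log lines, and the severity labels and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Connector path named in the advisory, compared in lower case because
# Windows hosts resolve paths case-insensitively.
CONNECTOR = ("/cfide/scripts/ajax/fckeditor/editor/filemanager/"
             "connectors/cfm/upload.cfm")

# Apache/NCSA common or combined log format (assumed input format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def normalise(target):
    """Return the decoded, lower-cased path with duplicate slashes collapsed."""
    path = unquote(urlsplit(target).path).replace("\\", "/")
    return re.sub(r"/{2,}", "/", path).lower()

def connector_hits(lines):
    """Yield a dict for every logged request that reached the upload connector."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalise(m["target"]) != CONNECTOR:
            continue
        # A POST answered with 2xx means the connector handled the request,
        # so directories writable by the web server warrant a file review.
        served = m["method"] == "POST" and m["status"].startswith("2")
        yield {"ip": m["ip"], "time": m["ts"], "method": m["method"],
               "status": int(m["status"]),
               "severity": "review-uploads" if served else "probe"}

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [30/Oct/2009:10:01:02 +0000] "GET /index.cfm HTTP/1.1" 200 512',
    '198.51.100.7 - - [30/Oct/2009:10:02:10 +0000] "GET /CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm/upload.cfm HTTP/1.1" 404 0',
    '203.0.113.5 - - [30/Oct/2009:10:03:44 +0000] "POST /cfide/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm/upload%2Ecfm?a=b HTTP/1.1" 200 87',
]

if __name__ == "__main__":
    for hit in connector_hits(SAMPLE):
        print(hit)
```

A 404 on every hit suggests the connector is absent or already blocked; any `review-uploads` hit dated before the hotfix was applied should be followed by an inspection of recently created files under the web root.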


October 30, 2009. Posted under ColdFusion.