ColdFusion security flaw: ColdFusion 8 input sanitization issue


Posted on October 30, 2009

 

 /CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm/upload.cfm 
CVE number: CVE-2009-2265
SUMMARY: A vulnerability in FCKEditor, which is included as part of ColdFusion 8, could allow a remote attacker to upload files in arbitrary directories which could lead to a system compromise. This issue is remotely exploitable. There are reports that this issue is being exploited in the wild.
Hotfix
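
Because the advisory names the exact connector path, web access logs can be checked for requests that reached it. The script below is an added example, not part of the original post or of any vendor tooling; it assumes common/combined access-log format, and the log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Connector path named in the advisory, lower-cased for comparison.
CONNECTOR = "/cfide/scripts/ajax/fckeditor/editor/filemanager/connectors/cfm/upload.cfm"

# Assumed layout: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Oct/2009:10:01:02 +0000] "GET /index.cfm HTTP/1.1" 200 5120',
    '198.51.100.7 - - [30/Oct/2009:10:02:11 +0000] "POST /CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm/upload.cfm?a=1 HTTP/1.1" 200 312',
    '203.0.113.5 - - [30/Oct/2009:10:03:40 +0000] "GET /cfide//scripts/ajax/fckeditor/editor/filemanager/connectors/cfm/upload%2Ecfm HTTP/1.1" 404 0',
    'not an access-log line',
]

def normalize(target):
    """Reduce a request target to a lower-case path for comparison."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(2):  # decode twice so double-encoded forms compare too
        path = unquote(path)
    path = re.sub(r"/{2,}", "/", path.replace("\\", "/"))
    return path.lower()

def find_connector_hits(lines):
    """Return one record per request that addressed the upload connector."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize(m["target"]) != CONNECTOR:
            continue
        status = int(m["status"])
        hits.append({
            "ip": m["ip"], "time": m["time"],
            "method": m["method"], "status": status,
            # A POST answered with 2xx means the connector accepted the request.
            "review_first": m["method"] == "POST" and 200 <= status < 300,
        })
    return hits

if __name__ == "__main__":
    for hit in find_connector_hits(SAMPLE_LOG):
        print(hit)
```

Records with `review_first` set are the ones to correlate with file-creation times under the web root; a 404 for this path after the hotfix or removal of the connector indicates probing only.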
