CVE-2009-2265
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.6 High
AI Score
Confidence
Low
0.972 High
EPSS
Percentile
99.8%
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
Affected configurations
References
isc.sans.org/diary.html?storyid=6724
mail.zope.org/pipermail/zope-dev/2009-July/037195.html
packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html
secunia.com/advisories/35833
secunia.com/advisories/35909
sourceforge.net/project/shownotes.php?release_id=695430
www.debian.org/security/2009/dsa-1836
www.ocert.org/advisories/ocert-2009-007.html
www.securityfocus.com/archive/1/504721/100/0/threaded
www.securitytracker.com/id?1022513
www.vupen.com/english/advisories/2009/1813
www.vupen.com/english/advisories/2009/1825
www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html
www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html
Social References
More
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.6 High
AI Score
Confidence
Low
0.972 High
EPSS
Percentile
99.8%