Adobe ColdFusion FCKeditor 'CurrentFolder' File Upload

High severity, Nessus Plugin ID 39790

Synopsis

The remote web server contains an application that is affected by an arbitrary file upload vulnerability.

Description

The version of Adobe ColdFusion running on the remote host is affected by an arbitrary file upload vulnerability. The installed version ships with a vulnerable version of an open source HTML text editor, FCKeditor, that fails to properly sanitize input passed to the 'CurrentFolder' parameter of the 'upload.cfm' script located under '/CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm'.

An attacker can leverage this issue to upload arbitrary files and execute commands on the remote system with the privileges of the web server user ID.

Solution

Upgrade to version 8.0.1 if necessary and apply the patch referenced in the vendor advisory listed under See Also.

See Also

http://ocert.org/advisories/ocert-2009-007.html

https://www.adobe.com/support/security/bulletins/apsb09-09.html

Plugin Details

Severity: High

ID: 39790

File Name: coldfusion_fckeditor_file_upload.nasl

Version: 1.30

Type: remote

Family: CGI abuses

Published: 7/14/2009

Updated: 2/25/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2009-2265

CVSS v3

Risk Factor: High

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:adobe:coldfusion

Required KB Items: installed_sw/ColdFusion

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 7/8/2009

Vulnerability Publication Date: 7/3/2009

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (ColdFusion 8.0.1 Arbitrary File Upload and Execute)

Reference Information

CVE: CVE-2009-2265

BID: 31812

CWE: 22

Secunia: 35747