PRIOn knowledge basePRION:CVE-2009-2265Directory traversal
8.2 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.973 High
EPSS
Percentile
99.8%
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
References
isc.sans.org/diary.html?storyid=6724
mail.zope.org/pipermail/zope-dev/2009-July/037195.html
packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html
secunia.com/advisories/35833
secunia.com/advisories/35909
sourceforge.net/project/shownotes.php?release_id=695430
www.debian.org/security/2009/dsa-1836
www.ocert.org/advisories/ocert-2009-007.html
www.securityfocus.com/archive/1/504721/100/0/threaded
www.securitytracker.com/id?1022513
www.vupen.com/english/advisories/2009/1813
www.vupen.com/english/advisories/2009/1825
www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html
www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html
Related
8.2 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.973 High
EPSS
Percentile
99.8%