How to Buy
This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.
The remote web server contains an application that is affected by an
arbitrary file upload vulnerability.
The version of Adobe ColdFusion running on the remote host is
affected by an arbitrary file upload vulnerability. The installed
version ships with a vulnerable version of an open source HTML text
editor, FCKeditor, that fails to properly sanitize input passed to
the 'CurrentFolder' parameter of the 'upload.cfm' script located under
An attacker can leverage this issue to upload arbitrary files and
execute commands on the remote system subject to the privileges of the
web server user id.
See also :
Upgrade to version 8.0.1 if necessary and apply the patch referenced
in the vendor advisory above.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.8
Public Exploit Available : true
Family: CGI abuses
Nessus Plugin ID: 39790 (coldfusion_fckeditor_file_upload.nasl)
Bugtraq ID: 31812
CVE ID: CVE-2009-2265
Get Nessus Professional to scan unlimited IPs, run compliance checks & more
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.