Adobe ColdFusion FCKeditor 'CurrentFolder' File Upload

This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.


Synopsis :

The remote web server contains an application that is affected by an
arbitrary file upload vulnerability.

Description :

The version of Adobe ColdFusion installed on the remote host is
affected by an arbitrary file upload vulnerability. The installed
version ships with a vulnerable version of an open source HTML text
editor FCKeditor that fails to properly sanitize input passed to
'CurrentFolder' parameter of the 'upload.cfm' script located under
'/CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm'.

An attacker may be able to leverage this issue to upload arbitrary
files and execute commands on the remote system subject to the
privileges of the web server user id.

See also :

http://www.ocert.org/advisories/ocert-2009-007.html
http://www.adobe.com/support/security/bulletins/apsb09-09.html

Solution :

Upgrade to version 8.0.1 if necessary and apply the patch referenced
in the vendor advisory above.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses

Nessus Plugin ID: 39790 (coldfusion_fckeditor_file_upload.nasl)

Bugtraq ID: 31812

CVE ID: CVE-2009-2265