CVE-2009-2265

N/A Unknown

Published: July 05, 2009 Modified: April 23, 2026

Description

Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://isc.sans.org/diary.html?storyid=6724

Source: cve@mitre.org

http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html

Source: cve@mitre.org

http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html

Source: cve@mitre.org

http://secunia.com/advisories/35833

Source: cve@mitre.org

http://secunia.com/advisories/35909

Source: cve@mitre.org

http://sourceforge.net/project/shownotes.php?release_id=695430

Source: cve@mitre.org

http://www.debian.org/security/2009/dsa-1836

Source: cve@mitre.org

http://www.ocert.org/advisories/ocert-2009-007.html

Source: cve@mitre.org

Patch

http://www.securityfocus.com/archive/1/504721/100/0/threaded

Source: cve@mitre.org

http://www.securitytracker.com/id?1022513

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/1813

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/1825

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html

Source: cve@mitre.org

http://isc.sans.org/diary.html?storyid=6724

Source: af854a3a-2127-422b-91ae-364da2661108

http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35833

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35909

Source: af854a3a-2127-422b-91ae-364da2661108

http://sourceforge.net/project/shownotes.php?release_id=695430

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2009/dsa-1836

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ocert.org/advisories/ocert-2009-007.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/archive/1/504721/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1022513

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/1813

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/1825

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html

Source: af854a3a-2127-422b-91ae-364da2661108

28 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

92.8%

100th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-22

Affected Vendors

fckeditor

Related CVEs

CVE-2026-7041 3.7

CVE-2026-7039 7.8

CVE-2026-7038 3.3

CVE-2026-7037 9.8

CVE-2026-7036 7.3