Hotfix for CF8 FCKeditor Vulnerability Released
Updated on December 07, 2023
By Pete Freitag
Adobe has just released a security hotfix for the FCKeditor vulnerability in ColdFusion 8.
Also of note, Adobe's Terry Ryan posted a blog entry today detailing How to report a ColdFusion Security Issue to Adobe. Update: the link no longer works, but today you can report issues to Adobe's PSIRT team.
Hotfix for CF8 FCKeditor Vulnerability Released was first published on July 08, 2009.
1) The .jar file comes down as a .zip file. Just change the extension.
2) I downloaded this one locally, uploaded to the server, and then copied over into the CFIDE folder. After that, I got a server login box whenever I tried to use cftextarea.
Turns out the cftextarea.js file had the FTP folder privileges, and it required more privileges to work in the CFIDE folder. Once I set them up to match the other folder in that directory, it was fine again.