Pete Freitag Pete Freitag

Hotfix for CF8 FCKeditor Vulnerability Released

Updated on December 07, 2023
By Pete Freitag

Adobe has just released a security hotfix for the FCKeditor vulnerability in ColdFusion 8.

Also of Note, Adobe's Terry Ryan posted a blog entry today detailing How to report a ColdFusion Security Issue to Adobe. Update, link no longer works, but today you can report issues to Adobe's PSIRT team.

security cffile upload fckeditor vulnerability coldfusion

Hotfix for CF8 FCKeditor Vulnerability Released was first published on July 08, 2009.

If you like reading about security, cffile, upload, fckeditor, vulnerability, or coldfusion then you might also like:


The Fixinator Code Security Scanner for ColdFusion & CFML is an easy to use security tool that every CF developer can use. It can also easily integrate into CI for automatic scanning on every commit.

Try Fixinator

The weekly newsletter for the CFML Community


Just a head's up to anyone applying this one:
1) The .jar file comes down as a .zip file. Just change the extension

2) I downloaded this one locally, uploaded to the server, and then copied over into the CFIDE folder. After that, I got a server login bix whenever I tried to use cftextarea.

Turns out the cftextarea.js file had the FTP folder priviliages, and it required more privliages to work in the CFIDE folder. Once I set them up to match the other folder in that directory, it was fine again.
by Paul Dynan on 09/28/2009 at 2:41:12 PM UTC