CVE-2009-4665 — CuteSoft CuteEditor Path Traversal vulnerability

Description

Directory traversal vulnerability in `CuteSoft_Client/CuteEditor/Load.ashx` in CuteSoft Components Cute Editor for ASP.NET allows remote attackers to read arbitrary files via a `..` (dot dot) in the file parameter.

How to fix CVE-2009-4665

To remediate CVE-2009-4665, upgrade the affected package to a fixed version below.

NuGet/CuteEditor—upgrade to 6.6 or later

Is CVE-2009-4665 being exploited?

Moderate — EPSS is 6.5%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

from 0, < 6.6

References (4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2009-4665
WEBexchange.xforce.ibmcloud.com/vulnerabilities/50727
WEBweb.archive.org/web/20200228205122/http://www.securityfocus.com/bid/35085
WEBwww.exploit-db.com/exploits/8785