CVE-2009-4665

描述

Directory traversal vulnerability in `CuteSoft_Client/CuteEditor/Load.ashx` in CuteSoft Components Cute Editor for ASP.NET allows remote attackers to read arbitrary files via a `..` (dot dot) in the file parameter.

如何修補 CVE-2009-4665

要修補 CVE-2009-4665,請將受影響套件升級到下列已修補版本。

• NuGet/CuteEditor—升級至 6.6 或更新版本

CVE-2009-4665 正在被利用嗎?

中等 — EPSS 為 6.5%,可持續追蹤但非最高優先。

受影響套件(1)

• from 0, < 6.6

參考連結(4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2009-4665
• WEBexchange.xforce.ibmcloud.com/vulnerabilities/50727
• WEBweb.archive.org/web/20200228205122/http://www.securityfocus.com/bid/35085
• WEBwww.exploit-db.com/exploits/8785