Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3068

CWE-264 | 5 documents | 4 sources
Severity: 9.3 CRITICAL
EPSS: 89.9% (top 0.43%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Sep 4
Latest update: May 2

Description

Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA | GHSA-ff43-6vf9-7633: Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute a | 2022-05-02
CVEList | CVE-2009-3068: Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute a | 2009-09-04

💥 Exploits & PoCs (2)

Exploit-DB | Adobe RoboHelp Server 8 - Arbitrary File Upload / Execution (Metasploit) | 2010-11-24
Exploit-DB | Adobe RoboHelp Server 8 - Authentication Bypass | 2009-09-03