Home

Description

ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 are vulnerable to remote command execution due to insecure handling of file uploads via the mimencode CGI utility. The vulnerability allows unauthenticated attackers to upload and execute arbitrary scripts as the Apache user. Additionally, the exploit can optionally escalate privileges by abusing insecure PATH usage in the benetool binary, resulting in root-level access if successful.

PUBLISHED Reserved 2025-08-28 | Published 2025-08-30 | Updated 2025-09-02 | Assigner VulnCheck




CRITICAL: 10.0CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status
unaffected

* before 125.10
affected

Credits

Patrick Webster (aushack) finder

References

raw.githubusercontent.com/...p/contentkeeperweb_mimencode.rb exploit

www.aushack.com/200904-contentkeeper.txt exploit

www.ativion.com/contentkeeper/ product patch

web.archive.org/...81220084819/http://www.contentkeeper.com/ product

www.vulncheck.com/...tkeeper-web-appliance-rce-via-mimencode third-party-advisory

cve.org (CVE-2009-20011)

nvd.nist.gov (CVE-2009-20011)

Download JSON