CVE-2009-3068

CVE Database · CVE-2009-3068

CVE-2009-3068

· N/AModified

CVSS v3.1

N/A

EPSS

78.18%

Published

Sep 4, 2009

Modified

Apr 22, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBAdobe RoboHelp Server 8 - Authentication Bypass Exploit-DBAdobe RoboHelp Server 8 - Arbitrary File Upload / Execution (Metasploit)

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11.

Weaknesses (CWE)

CWE-264

Affected Products (1)

adobe · robohelp_servervulnerable

References (20)

http://blogs.adobe.com/psirt/2009/09/potential_robohelp_server_8_is.html

http://intevydis.com/vd-list.shtml

http://secunia.com/advisories/36467

Vendor Advisory

http://twitter.com/elegerov/statuses/3727947465

http://twitter.com/elegerov/statuses/3737538715

http://twitter.com/elegerov/statuses/3737725344