High severityNVD Advisory· Published Aug 20, 2025· Updated Apr 15, 2026

CVE-2009-10005

Description

ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output parameters, attackers can read sensitive files such as /etc/passwd outside the webroot.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.aushack.com/200904-contentkeeper.txtnvd
raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/admin/http/contentkeeper_fileaccess.rbnvd
web.archive.org/web/20100325220542/http://www.contentkeeper.com/nvd
www.exploit-db.com/exploits/16923nvd
www.vulncheck.com/advisories/contentkeeper-web-appliance-arbitrary-file-access-via-mimencodenvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.040
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000