High severityNVD Advisory· Published Aug 20, 2025· Updated Apr 15, 2026
CVE-2009-10005
CVE-2009-10005
Description
ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output parameters, attackers can read sensitive files such as /etc/passwd outside the webroot.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <125.10
Patches
Vulnerability mechanics
References
5- www.aushack.com/200904-contentkeeper.txtnvd
- raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/admin/http/contentkeeper_fileaccess.rbnvd
- web.archive.org/web/20100325220542/http://www.contentkeeper.com/nvd
- www.exploit-db.com/exploits/16923nvd
- www.vulncheck.com/advisories/contentkeeper-web-appliance-arbitrary-file-access-via-mimencodenvd
News mentions
0No linked articles in our index yet.