CVE-2009-20011

CRITICAL

ContentKeeper Web Appliance <125.10 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-20011. PoCs published by aushack, including Metasploit module exploits/unix/http/contentkeeperweb_mimencode.

AI-analyzed exploit summary This Metasploit module exploits a combination of vulnerabilities in ContentKeeper Web Appliance (versions prior to 125.10) to achieve remote command execution as the Apache user, with an optional privilege escalation to root via a setuid bash shell.

Description

ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 are vulnerable to remote command execution due to insecure handling of file uploads via the mimencode CGI utility. The vulnerability allows unauthenticated attackers to upload and execute arbitrary scripts as the Apache user. Additionally, the exploit can optionally escalate privileges by abusing insecure PATH usage in the benetool binary, resulting in root-level access if successful.

Exploits (1)

metasploit WORKING POC EXCELLENT

by aushack · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/contentkeeperweb_mimencode.rb

View Code ZIP pw:eip

This Metasploit module exploits a combination of vulnerabilities in ContentKeeper Web Appliance (versions prior to 125.10) to achieve remote command execution as the Apache user, with an optional privilege escalation to root via a setuid bash shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: ContentKeeper Web Appliance < 125.10

No auth needed

Prerequisites: Network access to the target's web interface · Perl payload compatibility for privilege escalation

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Various Sources exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/http/contentkeeperweb_mimencode.rb

Various Sources exploit

http://www.aushack.com/200904-contentkeeper.txt

Various Sources product patch

https://www.ativion.com/contentkeeper/

Various Sources product

https://web.archive.org/web/20081220084819/http://www.contentkeeper.com/

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/contentkeeper-web-appliance-rce-via-mimencode

Scores

CVSS v4 10.0

EPSS 0.0126

EPSS Percentile 65.6%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-434 CWE-78

Status published

Products (1)

ContentKeeper Technologies/ContentKeeper Web Appliance < 125.10

Published Aug 30, 2025

Tracked Since Feb 18, 2026