CVE-2009-3068
Adobe RoboHelp Server - Access Control
Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11.
Exploits (3)
exploitdb · WORKING POC · VERIFIED · by Metasploit · ruby / remote / multiple
https://www.exploit-db.com/exploits/16789
exploitdb · WORKING POC · VERIFIED · by Intevydis · text / webapps / jsp
https://www.exploit-db.com/exploits/33209
metasploit · WORKING POC · EXCELLENT · by MC · ruby / poc / win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/adobe_robohelper_authbypass.rb
References (12)
Scores
EPSS: 0.8990
EPSS Percentile: 99.6%
Details
CWE: CWE-264
Status: published
Products (1): adobe/robohelp_server 8
Published: Sep 04, 2009
Tracked Since: Feb 18, 2026