CF8 and FCKEditor Security threat
In a recent SANS posting, they identify a vulnerability in some ColdFusion installations. It involves the richtext feature found in cftexarea. This feature actually uses an open source application called FCKEditor. The FCKEditor has functionality to handle file uploads and file management but this feature should be disabled in the version embedded in CF server. The problem lies in that in some cases the connector that runs this feature is actually turn on.
Is your connector on? Go to..
Look at config.cfm and see if the connector is on.
If left on, this means a hacker might be able to directly call the filemanager system to upload files and take control of the server. FCKEditor has had some history on being exploited by this type of attack.
1) Turn off the connector so that the filemanagement and file upload features can't work.
2) To be completely safe, delete the entire filemanager directory found under "CFIDE\scripts\ajax\FCKeditor\editor". The embedded version of FCKeditor for CF doesn't and really shouldn't use this feature. So removing those files completely is the safest thing to do. Be mindful that updates to CF might re-introduce those files and naturally re-open the problem.