Description
ColdFusion version 8.0.1 installs a vulnerable version of FCKEditor which is enabled by default. FCKEditor includes functionality to handle file uploads and file management, allowing an attacker to upload and execute malicious code.
Remediation
One fix is to edit the config.cfm file at \CFIDE\scripts\ajax\FCKeditor\editor\filemanager\connectors\cfm to disable uploads (consult CF8 and FCKEditor Security threat) .
Also, Adobe released a security patch for this issue and is a very high level patch that should be applied to your servers (consult Hotfix available for potential ColdFusion 8 input sanitization issue).
References
Related Vulnerabilities
WordPress Plugin wpDataTables-Tables & Table Charts SQL Injection (1.5.3)
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.42)
WordPress Plugin Pondol Carousel Cross-Site Scripting (1.0)
WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.20)
WordPress Plugin Users Ultra Membership Cross-Site Scripting (1.5.78)