http://msmvps.com/blogs/harrywaldron/archive/2009/07/03/cold-fusion-web-sites-compromised-when-html-editor-enabled.aspxWeb ADMINS should ensure the HTML text editor is secured as it may be automatically installed by default on some versions of Cold Fusion studio. Large # of Cold Fusion web sites compromised in past 24 hours http://isc.sans.org/diary.html?storyid=6715enCommunityServer 2008.5 SP2 (Build: 40407.4157)