Exploit for #VU73597 Improper access control in ColdFusion

Exploit for #VU73597 Improper access control in ColdFusion

Cybersecurity Help s.r.o.

Published: 2023-04-28 | Updated: 2024-10-25

Vulnerability identifier: #VU73597

Vulnerability risk: High

CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2023-26360

CWE-ID: CWE-284

Exploitation vector: Network

Exploits in database: 4

October 25, 2024
- Adobe ColdFusion versions 2018_15 (and earlier) and 2021_5 and earlier - Arbitrary File Read [Exploit-DB]
June 7, 2024
- CVE-2023-26360-adobe-coldfusion-rce-exploit () [Github]
April 28, 2023
- Adobe ColdFusion Unauthenticated Remote Code Execution [Metasploit]
- Adobe ColdFusion Unauthenticated Arbitrary File Read [Metasploit]

Impact: Information disclosure

Vulnerable software:
ColdFusion
Server applications / Application servers

Vendor: Adobe