Main Vulnerability Database Vulnerabilities #VU17889

#VU17889 Dangerous file upload in ColdFusion - CVE-2019-7816

Published: March 1, 2019

Vulnerability identifier: #VU17889

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber

CVE-ID: CVE-2019-7816

CWE-ID: CWE-434

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
ColdFusion

Software vendor:
Adobe

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of user-supplied input when processing file uploads. A remote attacker can upload and execute arbitrary code on the target system with privileges of the ColdFusion service. Successful exploitation of the vulnerability requires that the attacker has the ability to upload files.

Note, this vulnerability is being actively exploited in the wild.

Remediation

Install updates from vendor's website.

External links

https://helpx.adobe.com/security/products/coldfusion/apsb19-14.html