Adobe ColdFusion versions 2018,15 and below and versions 2021,5 and below suffer from an arbitrary file read vulnerability.
13a86908b0179fbc89ec6afba2a1ff200d2d4e963318afddcb2f12582423ca11
This Metasploit module exploits a remote unauthenticated deserialization of untrusted data vulnerability in Adobe ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier, in order to gain remote code execution.
a97dc5c7910c67fbfa47a0a5ff5111b60ef4fc38c7f19bc191fb098243b227f6