CVE-2023-26360

Related Files

Adobe ColdFusion Unauthenticated Arbitrary File Read

Posted Aug 31, 2024

Authored by Andrew | Site metasploit.com

This Metasploit module exploits a remote unauthenticated deserialization of untrusted data vulnerability in Adobe ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier, in order to read an arbitrary file from the server. To run this module you must provide a valid ColdFusion Component (CFC) endpoint via the CFC_ENDPOINT option, and a valid remote method name from that endpoint via the CFC_METHOD option. By default an endpoint in the ColdFusion Administrator (CFIDE) is provided. If the CFIDE is not accessible you will need to choose a different CFC endpoint, method and parameters.

tags | exploit, remote, arbitrary

advisories | CVE-2023-26360

SHA-256 | de661edb8896e72bade0f7599cfd12c9bedfd968ff8993ef271deae86817594a

Download | Favorite | View

Adobe ColdFusion 2018,15 / 2021,5 Arbitrary File Read

Posted Mar 11, 2024

Authored by Youssef Muhammad

Adobe ColdFusion versions 2018,15 and below and versions 2021,5 and below suffer from an arbitrary file read vulnerability.

tags | exploit, arbitrary

advisories | CVE-2023-26360

SHA-256 | 13a86908b0179fbc89ec6afba2a1ff200d2d4e963318afddcb2f12582423ca11

Download | Favorite | View

Adobe ColdFusion Unauthenticated Remote Code Execution

Posted May 1, 2023

Authored by sf | Site metasploit.com

This Metasploit module exploits a remote unauthenticated deserialization of untrusted data vulnerability in Adobe ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier, in order to gain remote code execution.

tags | exploit, remote, code execution

advisories | CVE-2023-26360

SHA-256 | a97dc5c7910c67fbfa47a0a5ff5111b60ef4fc38c7f19bc191fb098243b227f6

Download | Favorite | View